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Top  tools  for 
BYOD  management 

MobiControl  and  Afaria  lead  the  way 
in  five-vendor  test  of  MDM  tools. 
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‘World’s  largest’ 
telecom  deal  turns 
out  to  be  a  dud 

BY  CAROLYN  DUFFYMARSAN  ~ 

ORIGINALLY  BILLED  as  the  world’s  largest  telecommuni¬ 
cations  purchase,  the  U.S.  government’s  Networx  contract  is 
turning  out  to  be  chump  change  for  the  five  carriers  involved 
in  the  deal.  Halfway  through  its  10-year  term,  the  contract 
has  driven  around  $2  billion  in  revenue  compared  to  pro¬ 
jections  as  high  as  $34  billion  for  this  stage  of  the  program. 

Networx  is  an  umbrella  program  that  allows  federal  agen¬ 
cies  to  buy  voice,  data  and  video  services  from  five  carriers: 
AT&T,  Verizon,  CenturyLink  (formerly  Qwest),  Sprint  and 
Level  3.  Created  by  the  General  Services  Administration 
(GSA),  Networx  has  a  10-year  ceiling  of  $68.2  billion  in  rev¬ 
enue.  However,  due  to  delayed  purchasing  by  agency  cus¬ 
tomers,  Networx  total  revenue  through  September  2012  is 
at  $2.18  billion,  GSA  concedes.  [See  chart,  page  16.] 

“There’s  no  question  that  Networx  is  not  living  up  to 
GSA’s  expectations,”  says  Ray  Bjorklund,  vice  president 
and  chief  knowledge  officer  with  consultancy  Deltek.  “It’s 
not  configured  in  a  flexible  way.  It’s  harder  to  accommo¬ 
date  new  services  and  new  ways  of  buying  than  it  should 
be.  And  the  transition  to  Networx  is  many  years  behind 
schedule  and  still  isn’t  done.” 

►  See  Networx,  page  16 
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Microsoft  targets 
virtualization 

Tight  integration  of  desktop/ 
server  OS  with  Hyper-V 
and  Active  Directory  is  key. 
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Twice  the  virtualization. 

Lower  management  costs. 

None  of  the  compromises. 

You’ve  been  looking  for  IT  solutions  that  meet  the  increasingly  sophisticated  demands 
on  your  infrastructure.  IBM  Flex  System,™  featuring  Intel®  Xeon®  processors,  provides 
simplicity,  flexibility  and  control  in  a  system  that  doesn’t  require  compromise. 

It  supports  up  to  twice  the  number  of  virtual  machines  as  the  previous  generation  of 
blade  servers.1  And  IBM  Flex  System  Manager™  can  help  reduce  management  costs 
by  providing  visibility  and  control  of  all  physical  and  virtual  assets  from  a  single  vantage 
point.2 

You  can  select  individual  elements  and  integrate  them  yourself  or  with  the  support 
of  an  IBM  Business  Partner.  Or  you  can  choose  an  IBM  PureFlex™  System  and 
leverage  IBM’s  expert  integration  for  an  even  simpler  experience.  Learn  more  at 
ibm.com/systems/no_compromise 

Learn  why  Clabby  Analytics  says  IBM  Flex  System  is  the  best  blade  offering  in  the 
market.  Download  the  paper  at  ibm.com/systems/no_compromise 


'  Based  on  IBM  testing  and  documented  in  IBM  System  x®  Virtualization  Server  Consolidation  sizing  methodology.  IBM  Flex  System  x240  supports  27X  more  Peak  Utilization  Virtual  Machines  (VMs)  than  previous 
generation  BladeCenter®  HS22V 

•’  Based  on  IDC  white  paper  “The  Economics  ot  Virtualization:  Moving  Toward  an  Application-Based  Cost  Model,"  Michelle  Bailey,  November  2009,  http://www.vmware.com/tiles/pd1/Virtualization-application-based-cost- 
model~WP-EN.pdf 

Optional  IBM  Flex  System  storage  node  available  fourth  quarter  2012 

IBM,  the  IBM  logo,  System  x  BladeCenter,  PureFlex  IBM  Flex  System  Manager  and  IBM  Flex  System  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation,  registered  in  many 
jurisdictions  worldwide.  Other  product  and  service  names  might  be  trademarks  of  IBM  or  other  companies.  For  a  current  list  ot  IBM  trademarks,  see  wwwjbm.com'legal/copytradeshtml.  Intel  the  Intel  logo,  Xeon,  and 
Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  in  the  US.  and/or  other  countries.  ©International  Business  Machines  Corporation  2012  All  rights  reserved. 
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FROM  THE  EDITOR  JOHN  DIX 

The  new  Microsoft 

Microsoft  seems  to  have  gotten  its  grove 

back,  putting  forward  a  hip,  Apple-esque 
branding  effort  for  the  Windows  8  products 
that  reflects  new  energy  in  Redmond. 

Yes  the  company  has  antagonized  hardware  partners 
by  coming  out  with  its  own  tablets.  Yes  the  new  Windows 
UI  will  take  some  getting  used 
to.  Yes  Windows  Phone  8  is 
a  long  shot.  But  under  the  covers  there  are  lots  of  new 
goodies  for  IT  and,  failing  these  steps  forward,  Microsoft 
risked  a  long,  slow  decline. 

CEO  Steve  Ballmer  at  the  Build  2012  developers 
conference  last  week  said  the  introduction  of  Windows 
8  is  right  up  there  with  the  two  other  biggest  events  in 
his  tenure  at  the  company:  the  launch  of  the  IBM  PC  and 
the  introduction  of  Windows  95,  the  first  version  with  an 
integrated  Web  browser. 

The  early  responses  are  probably  better  than  the  company  could  have  hoped 
for  —  preorders  of  the  Surface  tablet  outstripping  supplies,  4  million  copies  of 
Windows  8  sold  in  the  first  three  days,  and  a  flood  of  reviews,  most  of  them  posi¬ 
tive,  including  our  own: 

“Much  of  the  attention  being  paid  to  this  week’s  Windows  8  launch  focuses  on 
the  new  Metro-style  interface  and  the  fact  that  Microsoft  is  extending  its  desktop 
OS  to  tablets  and  smartphones.  But  for  enterprises,  the  real  story  is  the  way  Micro¬ 
soft  has  integrated  Windows  8,  Windows  Server  2012  and  the  Hyper-V  hypervi¬ 
sor  to  create  an  unmatched  system  for  running  virtualized  environments”  (see 
“Microsoft  targets  virtualization,”  page  12). 

In  fact,  at  Build  Ballmer  said  Microsoft  has  already  sold  “tens  of  millions”  of 
corporate  licenses  for  Windows  8.  Of  course  that  is  a  drop  in  the  bucket  compared 
to  the  billion-plus  installed  base  of  Windows  PCs  out  there,  but  it  is  a  healthy  start. 

What  of  those  observers  who  say  the  Windows  franchise  is  threatened  by  an 
increasingly  mobile  workforce  relying  on  tablets  and  smartphones  from  other 
suppliers?  There  is  no  denying  the  influx  of  these  devices,  but  anecdotal  evidence 
suggests  they  are  adjuncts  to  instead  of  replacements  for  desktops/laptops,  so  let’s 
not  write  off  Windows  so  fast. 

Change  comes  slow,  after  all.  Windows  7  just  surpassed  the  XP  installed  base 
this  past  summer.  And  four  big  shops  we  checked  in  with  say  Windows  is  just  as 
important  to  them  today  as  it  has  always  been. 

These  companies  —  an  $8  billion  energy  company,  a  $2.5  billion  consumer 
electronics  firm,  a  $5.5  billion  consumer  products  company  and  a  national  labora¬ 
tory  —  use  Windows  for  80%  to  100%  of  their  desktops/laptops  today  and  three  of 
the  four  say  they  will  migrate  to  Windows  8  beginning  in  the  next  six  to  12  months. 
While  one  says  it  may  upgrade  to  Windows  7  first. 

With  the  new  virtualization  and  management  tools  baked  in,  Windows  8  looks 
like  a  w  inner,  regardless  of  how  the  Windows  tablets  and  phones  sell. 
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At  Brocade,  we  offer  unmatched  expertise  in  delivering 
Ethernet  fabrics  that  support  today’s  highly  demanding 
cloud  and  virtualized  environments.  We  were  first  to 
market  with  a  fabric  solution,  and  we’re  the  world 
leader  in  fabric  technology  for  storage  area  networks. 


The  solution  for  automated  scalability. 


Brocade®  VCS®  Fabric  technology  delivers  proven 
and  resilient  Ethernet  fabric-based  architectures 
that  can  automatically  scale  to  meet  your  company’s 
needs.  If  it’s  a  question  of  seamless  scalability,  the 
answer  is  Brocade. 


Find  an  easier  way  to  manage  your  virtual  infrastructure. 
Visit  brocade.com/everywhere 


BROCADE 


©  2012  Brocade  Communications  Systems,  Inc.  All  rights  reseived.  Brocade,  the  S  wing  symbol,  and  VCS  are  registered  trademarks  of  Brocade  Communications  Systems,  Inc, 
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pentagon 
opens  door  to  iPhones, 
Android  devices 

IN  ANOTHER  BLOW  to  RIM’s fortunes, the  U.S.  Department 
of  Defense  will  consider  smartphones  other  than  BlackBerries 
if  they  can  meet  the  government’s  tough  security  rules.  The 
DOD  is  inviting  vendors  to  bid  on  software  to  secure  non-RIM 
smartphones  and  tablets,  according  to  published  reports.  The 
DOD  is  not  scrapping  its  BlackBerries.  but  expanding  the  range 
of  supported  devices.  One  of  the  companies  bidding  on  the 


Big  Switch  lands 
big  funding 

OPENFLOW 
CONTROLLER 

start-up  Big  Switch 
Networks  closed  a  $25 
million  Series  B  funding 
round,  bringing  the  total  raised 
by  the  company  (founded  in 
early  2010)  to  $39  million.  The 
round  was  led  by  Redpoint 
Ventures  and  joined  by  Gold¬ 
man  Sachs,  along  with  existing 
investors  Index  Ventures  and 
Khosla  Ventures.  Big  Switch 
has  demonstrated  interoper¬ 
ability  with  Arista,  Brocade, 
Dell,  Extreme,  HP,  IBM,  Juni¬ 
per  Networks  and  Citrix,  Red 
Hat,  Microsoft,  and  VMware. 
Its  OpenFlow/SDN  controllers 
are  designed  to  enable  network 
virtualization  and  private 
cloud  buildouts  that  extend 
beyond  the  limit  of  virtual 
LANs  and  facilitate  applica¬ 
tions  such  as  data  center  inter- 


management  software  contract  will  be  RIM  itself,  offering  its 
BlackBerry  Mobile  Fusion  application  for  managing  Android 


connects  and  disaster  recovery. 

tinyurl.  com/aa  6q44h 


and  iOS  devices,  tinyurl.com/bsjkvam 
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'Zombie 

browsers' 

multiplying 


Microsoft  sells 
4  million  copies 
of  Windows  8 

Microsoft  reports  to  have 
sold  4  million  Windows  8 
upgrades  in  the  first  three 
days  that  the  new  OS  was 
available. 

tinyurl.com/clk5ye4 


hackers  the  ability  to  hijack  the 
user’s  session,  spy  on  webcams, 
upload  and  download  files,  and 
in  the  newer  mobile-device 
area,  hack  into  Google  Android 
phones.  Zoltan  Balazs,  IT 
security  consultant  at  Deloitte 
Hungary,  spoke  about  the  topic 
he  calls  “zombie  browsers” 
during  last  week’s  Hacker 
Halted  Conference  in  Miami. 

He  said  up  until  a  year  ago,  only 
10  of  these  malicious  browser 
extensions  were  known  to  exist, 
but  this  year  has  seen  49  new 
ones.  “It’s  skyrocketing,”  Balazs 
noted,  and  he  faulted  the  anti¬ 
virus  vendors  for  not  address¬ 
ing  the  issue.  “Even  after  two 
years,  none  of  the  anti-virus 
vendors  detect  these,”  he  said. 
tinyurl.com/a7z82t3 


Cisco  simplifies 
server  control 

CISCO  LAST  week  introduced 
UCS  Central,  a  management 
tool  designed  to  simplify  control 
of  thousands  of  servers  spread 
across  data  centers,  letting  IT 
configure  service  profiles,  ID 
pools,  policies  and  firmware 
across  multiple  domains.  The 
existing  UCS  Manager  can  only 
govern  a  single  domain.  UCS 
Central  requires  UCS  Manager 
for  local  domain  management 
while  UCS  Central  provides 
tiered  management  for  the 
global  infrastructure.  UCS 


Central  also  has  an  XML  API 
for  integration  with  third-party 
systems  management  and  cloud 
orchestration  tools,  including 
Compuware,  for  control  of 
application  performance  across 
data  centers,  private,  public  and 
hybrid  clouds;  Cloupia  for  the 
ability  to  replicate  between  mul¬ 
tiple  sites  for  disaster  recovery; 
Zenoss  for  discovery,  monitor¬ 
ing  and  managing  UCS  perfor¬ 
mance  and  capacity  utilization; 
ScienceLogic  for  surveillance  of 
multi-tenant  data  centers;  and 
Splunk  for  gleaning  operational 
intelligence  from  big  data 
generated  by  thousands  of  UCS 
servers,  tinyurl.eom/aa/2h/s 


SOME  WEB  browsers  can  be 
tricked  into  using  malicious 
extensions  that  can  give 
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Safeguarding  your  cellphone 


Microsoft's  ALM 
service  free  for 
five  users 

AFTER  A  year  in  beta,  Microsoft 
launched  Team  Foundation  Service, 
a  hosted  version  of  its  application 
lifecycle  management  (ALM)  soft¬ 
ware.  There’s  no  cost  for  five  or  fewer 
users  and  an  unlimited  number  of 
projects.  “ALM  has  traditionally 
been  known  to  be  very  enterprise 
heavy,  but  [this  service]  could  be 
utilized  by  people  who  may  not 
need  enterprise  scale  but  could  still 
benefit  from  tools  and  services  to 
manage  their  projects,”  said  Karthik 
Ravindran,  senior  director  of  ALM 
marketing  and  management.  Micro¬ 
soft  did  not  say  when  TFS  would 
be  commercially  available  for  more 
than  five  users,  nor  how  much  it 
would  cost,  tinyurl.com/bd2nn23 

Firef  ox:  Botched 
browser  ballot  cost 
us  9M  downloads 

MICROSOFT’S  BROWSER  ballot 
screw-up  in  the  European  Union 
cost  Mozilla  an  estimated  8.8  million 
downloads  of  its  Firefox  browser, 
the  open-source  vendor  estimates. 
Microsoft  faces  fines  that  could  reach 
into  the  billions  of  dollars  for  omit¬ 
ting  a  browser  choice  screen  it  was 
supposed  to  show  European  users 
of  Windows  7.  According  to  Harvey 
Anderson,  Mozilla’s  general  counsel, 
Firefox’s  daily  download  average  fell 
63%  from  approximately  54,000 
to  a  low  of 20,000  before  Microsoft 
rolled  out  a  fix  for  the  snafu  last  sum¬ 
mer.  After  Microsoft  updated  EU 
users’  Windows  7  PCs  with  a  patch 
to  restore  the  ballot  screen,  Firefox 
downloads  increased  150%  to  an 
average  of  approximately  50,000, 
Anderson  claimed.  Other  factors 
beside  the  missing  ballot,  however, 
clearly  played  a  role  in  Firefox’s 
decline,  including  the  concurrent 
rise  in  Google’s  Chrome,  tinyurl. 
com/as5dq8j 


Spoiling  the  Windows  8  party 


U.S.  CELLPHONE  carriers  took  a  major  step  last 
week  toward  curbing  the  rising  number  of  smart¬ 
phone  thefts  with  the  introduction  of  databases 
that  will  block  stolen  phones  from  being  used 
on  domestic  networks.  The  initiative  got  its 
start  earlier  this  year  when  the  FCC  and  police 
chiefs  from  major  cities  asked  the  cellular 
carriers  for  assistance  in  battling  the  surging 
number  of  smartphone  thefts.  In  New  York,  more 
than  40%  of  all  robberies  involve  cellphones  and 
in  Washington,  D.C.,  cellphone  thefts  accounted  for 
38%  of  all  robberies  in  2011. 


RedPrairie  to  buy 
JDA  Software 
for  $1.9  billion 


iPhone  foils  burglar 


A  THIEF  accidentally  filmed 
himself  with  his  own 
iPhone  while  robbing 
a  house  with  a  gang  in 
West  Yorkshire,  England, 
delivering  authorities 
evidence  to  help  put  him 
behind  bars  for  44 
weeks.  The  Daily 
Mail  reported  that 
the  23-year-old 
crook  meant  to  use 
the  iPhone  as  a  flash¬ 
light,  but  instead  hit 
the  video  record  button. 


Amazon  drops 
cloud  prices,  again 


AMAZON  WEB  Services,  fresh  off  an 
outage  that  brought  down  big-name 
sites  such  as  Reddit  and 
Imgur,  announced  an 
18%  price  reduction  for 
its  virtual  machines.  It’s 
the  21st  time  the  leading 
Infrastructure-as-a-Ser- 
vice  vendor  has  dropped 
prices  since  launching  its 
cloud  in  2006.  In  addition  to 
the  price  drop,  AWS  released 
a  new  series  of  Elastic  Cloud 
Compute  instances  with 
high  input/output  qualities. 

They’re  optimized,  AWS  says, 
for  media  encoding,  batch  pro¬ 
cessing,  caching  and  Web  serving. 
tinyurl.com/azdblaq 


REDPRAIRIE  IS  mergingwith 
fellow  supply-chain  software  vendor 
JDA  in  a  deal  worth  roughly  $1.9 
billion,  the  companies  announced 
last  week,  just  days  after  reports 
surfaced  that  JDA  had  put  itself  up 
for  sale.  Analysts  had  speculated 
about  a  number  of  potential  suitors 
for  JDA,  including  IBM  and  Oracle, 
before  RedPrairie  —  which  is  owned 


PARITY  BITS 


by  private  equity  fund  New  Moun¬ 
tain  Capital  —  emerged  as  the  buyer. 
The  pending  merger  is  “going  to  up 
the  stakes  for  the  rest  of  the  [supply- 
chain]  players,  especially  the  smaller 
ones  that  remain,” 
said  analyst  Bob 
Ferrari  of  the 
Ferrari  Consult¬ 
ing  and  Research 
Group.  “Putting 
these  two  com¬ 
panies  together 
is  not  going  to  be 
an  easy  feat,”  he 
added,  tinyurl. 
com/bjoefmA 


MICROSOFT  HAS  been  slapped  with  a  patent 
infringement  lawsuit  over  its  use  of  dynamic  "live” 
tile  icons  in  Windows,  including  in  the  newly 
launched  Windows  8  OS  for  PCs  and  tablets  and 
in  the  Windows  Phone  8  OS  for  smartphones. 
SurfCast,  based  in  Portland,  Maine,  filed  its 
lawsuit  in  the  U.S.  District  Court  for  the  District  of 
Maine,  and  is  asking  for  Microsoft  to  pay  unspecified 
damages  and  attorneys’  fees.  At  issue  is  U.S.  Patent 
6,724,403,  titled  "System  and  Method  for  Simultane¬ 
ous  Display  of  Multiple  Information  Sources,"  which 
SurfCast  was  awarded  in  2004.  In  a  statement,  Micro¬ 
soft  said  it  was  “confident"  it  would  prove  in  court  that 
SurfCast’s  claims  are  without  merit  and  that  Microsoft 
has  created  a  "unique  user  experience.” 


The  number  of 
times  iOS  6  was 
downloaded  in 
the  first  month 
of  its  release. 
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Is  Microsoft  a  threat  to  VMware? 

©  I’VE  USED  BOTH  hypervisors  exten¬ 
sively  in  the  real  world.  What  I  see  across 
all  markets  is  that  VMware  has  a  battle- 
hardened  and  tested  solution  set  “from 
soup  to  nuts.”  Microsoft  is  playing  catch¬ 
up,  and  a  managed  Hyper-V  environment 
is  not  free  (Re:  “VMware,  the  bell  tolls  for 
thee,  and  Microsoft  is  ringing  it”;  tinyurl. 
com/9r276rv). 

If  I  am  a  CIO  I  want  to  know  my  hyper¬ 
visors  aren’t  going  to  come  down  with 
the  latest  MS  kernel  viral  plague.  That 
thought  alone  would  keep  me  on  VMware. 

Ivan 

©THIS  ARTICLE  BROUGHTtoyouby 

Microsoft,  the  next  software  giant  getting 
ready  for  the  Long  Fall.  Microsoft  hasn’t 
done  anything  truly  innovative  or  new 
since  it  came  out  with  Active  Direc¬ 
tory.  It’s  made  its  living  by  leveraging  its 
monopoly  position  and  just  can’t  stand  it 
when  another  company  succeeds  through 
innovation. 

From  the  company  that  brought  you 
Vista  and,  now,  Windows  8. 

russbutton 

California  State  expels  Cisco 

©  I'VE  NEVER  SEEN  this  kind  of  price  dispar¬ 
ity.  My  last  bake-off  was  between  Cisco 
and  Brocade,  and  their  two  solutions  were 
within  5%  of  one  another  after  discount 
(Re:  “Cisco  network  really 
was  $100  million  more”; 
see  page  10). 

The  only  way  this  deal 
could  possibly  be  that 
far  off  is  if  it  were  written 
with  specific-enough 
details  that  Cisco  had 
to  jump  several  steps 
through  the  product  line 
to  meet  the  requirements. 

Or,  if  the  requirement 
was  that  all  possible 
licensing  was  included. 

jla3742 

©TWO  YEARS  AGO  I  had 

the  same  experience.  We  refreshed  our 
network  switches  and  telecommunica¬ 
tions  system.  Alcatel-Lucent  won  the 
bid  by  a  significant  margin  over  Cisco. 
After  doing  much  research  and  verifying 
the  bid  met  all  of  the  required  specifica¬ 
tions,  the  bid  was  awarded  to  ALU  and  it 


has  been  one  of  the  best  decisions  in  my 
25-year  career  as  an  IT  director.  Not  only 
is  the  hardware  one-fifth  of  the  cost,  the 
support  is  also.  The  system  has  per¬ 
formed  beyond  our  expectations. 

Larry 

©  I  FIND  IT  bemusing  how  many  com- 
menters  appear  to  be  overlooking  the 
fact  that  there  were  five  bidders  and  not 
just  two  (Re:  “Ciscogate”;  tinyurl.com/ 
cgceeho). 

So  whilst  accepting  the  future  viability 
of  ALU  is  questionable,  the  real  question 
here  is  how  Cisco  justified  being  $82 
million  more  expensive  than  HP,  $91.4 
million  more  expensive  than  Juniper  and 
$91  million  more  expensive  than  Brocade. 

The  only  conclusions  I  can  think  of  are 
Cisco  didn’t  actually  want  the  business, 
it  was  trying  to  fleece  CSU,  or  it’s  been  so 
busy  writing  RFPs  that  it’s  forgotten  how 
to  interpret  them. 

returnofthemus 

Linus,  Linux  are  incomparable 

©  ONE  CANNOT  COMPARE  OpenStackto 
Linux.  Also,  it  is  through  Linus’  vision, 
development  and  proper  use  of  the 
GPL,  combined  with  the  dominance  of 
Microsoft,  that  created  a  perfect  storm 
and  allowed  Linux  to  grow  and  prosper. 
Would  Linus  have  taken  advice  from  his 
enemies?  Has  he  ever  backed  down  from 
anything  or  failed  to  offer 
a  real  opinion  (Re:  “Does 
OpenStack  need  a  Linus 
Torvalds?”  tinyurl.com/ 
cvwl6gn)? 

Let’s  not  confuse  a 
2-year-old  project  with  the 
promise  of  changing  the 
world  from  a  visionary 
who  did  change  the  world. 

fstrimling 

©GREATARTICLE,  BUT 

it  disregards  that  Linus 
is  a  technical  leader  and 
a  visionary.  Many  of  the 
folks  you  mentioned  are 
not  technical  and  many  don’t  have  much 
experience  building  real  IaaS  clouds. 

A  Linus  for  OpenStack  will  be:  a)  a 
leader  and  decision-maker;  b)  technical; 
c)  experienced  with  IaaS.  Assuming  that 
one  emerges,  that  is. 

randybias 


The  only  conclu¬ 
sions  I  can  think 
of  are  Cisco  didn't 
actually  want  the 
business,  it  was 
trying  to  fleece 
CSU. 
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TREND  ANALYSIS 


Microsoft  doubles  down  on  Windows  8  developers 


Microsoft  CEO  Steve  Ballmer  revealed  a  flurry  of  products  last  week  at  Build  2012,  all  surrounding 
the  release  of  Windows  8.  See  our  test  on  page  12. 


BYTIM  GREENE 

REDMOND,  Wash.  —  Microsoft  is  all-in  on 
the  biggest  gamble  in  its  history. 

That  was  the  message  to  developers  at 
Build  2012,  the  conference  at  the  corporate 
campus  last  week  where  executives  outlined 
what  the  company  has  done  to  make  writ¬ 
ing  new  Windows  applications  faster  and 
simpler. 

They  also  demonstrated  new  features 
developers  can  bring  to  apps  they  write  for 
Windows  8,  Windows  Phone  8  and  for  Micro¬ 
soft’s  cloud  service,  Azure,  all  in  the  hopes  of 
sparking  inspiration  that  will  result  in  appli¬ 
cations  business  customers  will  want  badly 
enough  to  buy  into  Windows. 

The  stakes  are  high.  Microsoft  has 
launched  the  new  Windows  8  operating  sys¬ 
tem  designed  heavily  around  touchscreens 
but  also  supporting  mouse  and  keyboard.  To 
complicate  matters  there  are  two  versions, 
Windows  8  and  Windows  RT,  only  one  of 
which  —  Windows  8  —  supports  traditional 
Windows  applications.  Windows  RT  sup¬ 
ports  only  new  touch-centric  apps  Microsoft 
calls  Windows  Store  apps. 

Toss  in  that  Windows  Phone  8  has  just 
launched  as  well,  sharing  the  same  look  and 
basic  navigational  scheme  as  Windows  8  and 
RT.  The  hope  is  that  customers  will  want  their 
phone,  PC  and  tablet  to  have  the  same  look 
and  feel,  share  applications  and  share  data 
across  all  devices,  aided  by  Microsoft’s  cloud 
storage  service  known  as  SkyDrive. 

That’s  a  lot  for  a  customer  to  take  in,  and 
Microsoft  is  counting  on  developers  to  show 
by  example  how  this  can  all  work  through  the 
applications  they  write. 

Meanwhile  the  clock  is  ticking,  says 
Charles  Golvin,  an  analyst  with  Forrester 
Research.  Microsoft  has  about  two  years  to 
reach  all  its  goals,  otherwise  it  will  miss  the 
chance  to  dominate  Apple  and  Google  in 
mobile  devices,  he  says. 

An  essential  element  is  applications  — 
table  stakes  apps,  existing  apps  that  perform 
better  on  Windows,  and  ground-breaking 
apps  that  are  only  available  on  and  support¬ 
able  by  Windows,  Golvin  says. 

With  this  backdrop,  Microsoft’s  CEO  Steve 
Ballmer  and  his  top  executives  delivered  a 
slew  of  tools,  perks  and  promises  to  energize 
the  apps  writers.  Some  highlights: 

■  A  software  developers  kit  for  Windows 
Phone  8. 

■  Launch  of  a  Windows  Azure  Store  where 
developers  can  hawk  applications  to  aug¬ 
ment  Azure  cloud  services. 


■  Closer  integration  between  Windows 
operating  systems  and  Azure  to  make  it 
easier  to  write  apps  that  rely  on  an  Azure 
back  end. 

■  Team  Foundation  Service,  an  Azure- 
based  software  development  tracker. 

To  sweeten  the  pot,  Ballmer  gave  attendees  a 
free  Surface  tablet/laptop,  100GB  of  free  cloud 
storage  via  SkyDrive,  a  free  Nokia  Lumia  920 
Windows  8  phone  and  a  discounted  develop¬ 
ers  registration  to  the  Windows  store. 

Ballmer  asked  that  attendees  go  out  and 
create  lots  of  apps  for  the  Microsoft  environ¬ 
ment,  promising  that  Microsoft  would  follow 
through  with  advertising  that  should  boost 
the  market  for  those  apps. 

In  response  to  a  massive  Microsoft  effort, 
apps  available  in  its  Windows  Store  have 
grown  from  about  1,000  two  months  ago  to 
more  than  10,000  today,  according  to  the 
website  winupdate.com.  More  than  85%  of 
the  apps  are  free,  the  site  says. 

Whatever  success  Microsoft  has  with  con¬ 
sumers,  it  has  a  more  difficult  time  with  busi¬ 
nesses,  Golvin  says.  “What  we’ve  seen  in  our 
data,  the  enthusiasm  for  adopting  Windows 
8  especially  in  the  enterprise  is  much,  much 
lower  than  it  was  for  Windows  7,”  he  says. 

That  doesn’t  mean  enterprises  aren’t  keep¬ 
ing  an  eye  on  what  Microsoft  is  up  to,  judging 
from  attendees  at  Build  2012. 

Preston  Doster,  a  consultant  with  Slalom 
Consulting,  attended  seeking  more  detail 
on  how  the  pieces  of  the  Microsoft  puzzle 
fit  together.  Clients  say  that  they’re  inter¬ 
ested  in  the  possibility  of  slates  that  can 


join  enterprise  domains  for  work  purposes, 
Doster  says,  something  iPads  cannot  do.  That 
potentially  gives  businesses  more  control 
over  Windows  8  devices,  he  says. 

With  the  ability  to  insert  entire  blocks  of 
code  from  other  sources  into  new  Windows 
Store  applications,  it  should  be  possible  to 
readily  convert  existing  line-of-business 
applications  written  in  .Net,  enabling  transi¬ 
tion  from  Web  apps  to  desktops.  That  means 
quicker  adoption  of  touchscreen  devices  into 
businesses,  he  says. 

He  says  some  clients  are  already  porting 
some  applications  to  Windows  8  as  a  proof  of 
concept,  but  haven’t  committed  to  using  them 
in  production. 

Ken  Sutcliffe,  a  developer  for  Cancer  Care 
Ontario,  already  uses  Windows  Phone  appli¬ 
cations  to  help  in  the  treatment  of  cancer 
patients. 

Brock  Dodgson,  the  development  man¬ 
ager  for  the  agency,  says  he  is  looking  for 
what  new  technology  could  augment  the 
existing  application.  For  example,  near 
field  communication  supported  by  Win¬ 
dows  Phone  8  could  be  used  to  share  drug 
information  sheets  between  clinicians  and 
patients.  “I’m  trying  to  see  where  it  might  fit 
in,”  Dodgson  says. 

He  says  his  organization  might  write  a  pro¬ 
totype  Windows  8  version  of  a  head  and  neck 
radiology  application  already  written  for  the 
iPad.  That  might  be  more  attractive  to  hospi¬ 
tal  IT  staffers  because  it  would  rely  on  a  Win¬ 
dows  back  end  that  they  are  familiar  with  and 
rely  on  already,  Dodgson  says.  ■ 
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TREND  ANALYSIS 


Cisco  network  really  was  $100  million  more 

California  State  explains  RFP  that  produced  wide  delta  in  Cisco,  Alcatel-Lucent  bids 


BYJIM  DUFFY 

CAL  STATE  confirmed  the  wide  pricing  dis¬ 
crepancy  for  a  23-campus  network  overhaul 
awarded  to  Alcatel-Lucent  last  week  for  $22 
million.  Alcatel-Lucent  was  selected  over 
Cisco  and  three  others  by  offering  the  low  bid 
for  the  project,  which  was  $100  million  less 
than  Cisco’s. 

CSU  allowed  Network  World  to  review 
spreadsheets  calculating  the  eight-year  total 
cost  of  ownership  of  each  of  the  live  bidders 
for  the  project.  (Cisco  declined  to  comment  for 
this  story.) 

The  price  discrepancy  between  Cisco  and 
Alcatel-Lucent  sparked  a  flurry  of  skepti¬ 
cism  in  comments  on  the  Network  World  site 
that  the  bids  did  not  represent  a  fair,  apples- 
to-apples  comparison.  When  asked  if  the 
number  of  network  elements  Cisco  proposed 
drastically  outnumbered  those  of  the  other 
bidders,  Michel  Davidoff,  director  of  cyberin¬ 
frastructure  at  CSU,  replied  “Absolutely  not.” 

“Everybody  had  to  comply  with  this 
spreadsheet,”  he  says.  “Every  campus  had 
two  border  routers,  two  cores,  and  two  server 
farm  switches.  All  the  vendors  had  to  propose 
exactly  the  same  solution”  based  on  the  aver¬ 
age  number  of  servers  deployed  at  each  CSU 
campus.  “All  of  this  is  based  on  exactly  the 
same  data  to  all  of  the  vendors.  It’s  exactly  the 
same  formula  for  all  of  the  vendors.” 

Alcatel-Lucent  won  the  project  with  a  bid  of 
$22  million.  Cisco  was  the  high  bidder  with  a 
cost  just  less  than  $123  million.  Not  only  was 
Cisco’s  bid  more  than  five-and-a-half  times 
that  of  Alcatel-Lucent’s,  it  was  three  times  that 
of  the  next  highest  bidder:  HP,  at  $41  million. 

Juniper  came  in  at  $31.6  million,  and  Bro¬ 
cade  offered  $24  million.  All  of  the  prices 
included  discounts  offered  to  CSU,  and  the 
price  delta  between  Cisco  and  the  other  bid¬ 
ders  actually  widened  after  the  discounts 
were  applied,  Davidoff  says. 

The  costs  were  broken  down  into  switches 
and  routers  for  access,  server  farm,  core  and 
border  routing  requirements.  They  included 
port  densities  from  eight  to  480  ports  of  Giga¬ 
bit  Ethernet  and  10G  Ethernet,  with  copper 
and  fiber  connectors,  Layer  2  and  3  feature 
sets,  PoE  and  non-PoE. 

Cisco  pitched  the  Catalyst  3750-X  for 
access.  Nexus  7000  for  server  farms,  Cata¬ 
lyst  6509  for  the  core  and  the  ASR 1006  for 
border  routing.  Alcatel-Lucent  proposed 
the  OmniSwitch  6850  for  access,  and  9700 
for  server  farms,  core  and  border  routing. 


Post-RFP,  however,  CSU  decided  to  deploy 
the  OmniSwitch  6450  and  6850  for  access, 
6850  and  OmniSwitch  6900  for  server 
farms,  and  6900  for  core  and  border  routing 
—  all  of  which  lowered  the  cost  of  the  project. 

Total  bid  costs  were  the  sum  of  Layer  2 
hardware  (and  software),  Layer  3  hardware 
(and  software),  Layer  2  maintenance,  Layer 
3  maintenance,  training,  and  taxes  and  ship¬ 
ping.  Cisco’s  cost  in  each  respective  category 
was  $51  million;  $18.7  million;  $34.3  million; 
$10.6  million;  $1  million;  and  $7  million. 

Alcatel-Lucent’s  was  $14.5  million;  $2.5 
million;  $1.8  million;  $798,000;  $777,000; 
and  $1.7  million. 

San  Jose  twist 

Alcatel-Lucent  will  be  deployed  at  22  of  the 
23  CSU  campuses;  San  Jose  State  University 
is  going  its  own  route  with  a  broader  Cisco 
implementation  costing  $28  million  over  five 
years. 

SJSU  is  replacing  three  legacy  phone 
systems  with  a  Cisco  VoIP  implementation 
supporting  integrated  voice/data  and  video. 
The  university  is  also  implementing  WebEx 
conferencing  in  each  classroom,  Wi-Fi  access 
across  the  campus,  high-definition  Telepres¬ 
ence  conferencing  in  51  “learning  spaces,”  and 
a  new  switch/router  infrastructure. 

“Our  view  was  not  what  hardware  or  soft¬ 
ware  we  were  looking  at;  our  view  was  a  com¬ 
prehensive  solution  with  a  strong  emphasis  on 
learning  and  the  delivery  of  learning  content 
and  the  students’  success,"  says  SJSU  Presi¬ 
dent  Mohammad  Qayoumi. 


Cisco  is  SJSU’s  incumbent  vendor,  just  as  it 
is  with  the  entire  CSU  system.  Asked  if  SJSU 
put  the  project  out  for  bid,  Qayoumi  says  the 
university  “looked  at  the  industry  at  what 
was  available. ...  No  other  vendor  could  meet 
the  needs.  They  may  have  better  cost  or  per¬ 
formance  but  the  more  important  element  in 
a  university  is  how  all  of  these  technologies 
connect  together  and  work  as  an  integrated 
solution.” 

SJSU  worked  with  Cisco  over  a  six-  to  nine- 
month  period  designing  a  system,  Qayoumi 
says.  He  says  he  didn’t  know  if  SJSU  took 
part  in  the  RFP  evaluation  that  culminated 
in  Alcatel-Lucent  winning  the  $22  million 
systemwide  contract. 

“I  don’t  know,  but  I  don’t  believe  we  partici¬ 
pated  in  the  CSU  systemwide  evaluation,”  he 
says.  “I  don’t  know  what  kind  of  committee 
system  the  chancellor’s  office  had  set  up  for 
evaluating  Alcatel. 

“If  you  look  at  the  overall  solution . . .  you 
might  make  savings  in  one  particular  aspect, 
whether  it’s  hardware,  software  or  servers,” 
he  says.  “But  our  view  was,  how  does  it  really 
meet  the  needs  of  all  of  our  students  and  the 
needs  of  our  faculty  and  staff.  That  was  the 
most  critical  element  for  us.” 

Davidoff  declined  to  comment  on  SJSU’s 
decision  to  go  in  another  direction  for  its 
network  infrastructure.  The  first  year  of  the 
SJSU  project  will  be  funded  by  the  sale  of 
SJSU’s  Educational  Broadband  Service  spec¬ 
trum,  and  additional  funds  will  come  from 
the  university’s  IT  services  office  budget  and 
other  sources.  ■ 
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SMARTER  TECHNOLOGY  FOR  A  SMARTER  PLANET 


FROM  DEPLOYING 
IN  MONTHS 


expert  integrated  systems  can 
be  up  and  running  in  as  little  as 
four  horns!  And  once  deployed, 
these  systems  can  automatically 
scale  and  adjust  resources 
as  the  needs  of  the  business 
change — a  process  that  might 
otherwise  take  weeks — freeing 
IT  people  to  focus  on  larger, 
more  strategic  goals. 


7  bousands  of  IT  engagements. 


‘It’s  not  going  to  be  about 
tinkering.Jt’s  getting 
back  that  thirst  to  make 
something.  ” 

Andrew  Smith  flPPn 

VP,  McKesson  IT 


create  patterns  of expertise. 


'huh  automate  processes,  speeding  up  deployments  and  simplifying  management.  So  you're  on  to  the  next  thing. 


TO  READY  IN  HOURS. 


According  to  Forrester,  the 
typical  IT  department  spends  at 
least  33%  of  a  project’s  budget 
just  specifying,  designing  and 
procuring  IT  components.  And 
once  procured,  it  can  take  up  to 
three  months  of  tweaking  before 
those  resources  are  ready  to 
be  used! 

With  decades  of  experience 
and  thousands  of  deployments 
in  the  same  industries,  on 
the  same  topics,  even  for  the 
same  tasks — why  is  it  that 
organizations  are  forced  to 
waste  massive  amounts  of  time 
and  resources  starting  from 
scratch  with  every  new  project? 


INTRODUCING 
IBM  PURESYSTEMS. 

To  address  this  problem,  IBM 
set  out  to  design  a  system  that 
could  benefit  from  previous 
experience — a  system  that 
could  follow  the  patterns 
established  by  successful  IT 
projects  to  make  it  simpler  to 
deploy  and  manage  new  ones. 


An  IBM  Pure  Application''  System 
cuts  the  deployment  of  OneTree 
Solutions'  PriceLenz ™  software 
from  S  weeks  to  8  minutes. 

With  the  launch  of 
PureSystems!"  we  are  now 
delivering  on  that  promise. 

Using  patterns  established 
by  IBM  and  leading  software 
vendors,  this  new  breed  of 


On  a  smarter  planet, 
organizations  will  no  longer 
address  complex  challenges 
with  generic  systems.  Instead 
they  can  rely  on  integrated 
systems  with  the  built-in 
expertise  to  help  solve  them. 
ibm.com/  simplify 


LET’S  BUILD  A 
SMARTER  PLANET. 


1.  Based  on  a  2011  commissioned  study  conducted  by  Forrester  Consulting  on  behalf  of  IBM.  2  Based  upon  testing  of  the  IBM  PureApplication  System  W1500-96  with  time  measured  from  powering  on  the  system  to  when  it  is  ready  to 
support  application  deployments  and  based  upon  testing  of  the  IBM  PureFlex  System  Express  &  Standard  models  containing  one  chassis  and  one  compute  node  with  the  time  measured  from  powering  on  the  system  to  when  it  is  ready 
to  support  a  virtual  image  deployment  IBM,  the  IBM  logo,  ibm.com,  PureApplication,  PureSystems,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business  Machines  Corp,  registered  in  many  jurisdictions  worldwide. 
A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  wwwjbm.com/legal/copytradeshtml.  ©  International  Business  Machines  Corporation  2012 


WINDOWS  8/WINDOWS  SERVER  2012 

Microsoft  targets  virtualization 

Tight  integration  of  desktop/server  OS  with  Hyper-V  and  Active  Directory  is  key 


BYTOM  HENDERSON  

Much  of  the  attention  being 
paid  to  last  week’s  Windows 
8  launch  focused  on  the  new 
Metro-style  interface  and  the 
fact  that  Microsoft  is  extend¬ 
ing  its  desktop  OS  to  tablets  and  smartphones. 
But  for  enterprises,  the  real  story  is  the  way 
Microsoft  has  integrated  Windows  8,  Win¬ 
dows  Server  2012  and  the  Hyper-V  hyper¬ 
visor  to  create  an  unmatched  system  for 
running  virtualized  environments. 

Both  Windows  8  and  Windows  Server 
2012  sport  the  new  Metro-style  GUI,  but  we 
found  that  it’s  not  as  radical  a  change  as  has 
been  reported.  Indeed  the  bemoaned  missing 
Start  button  and  menus  already  have  a  dozen 
replacements  being  offered  freely  (or  almost 
freely).  If  you  know  about  Windows  7  or  Win¬ 
dows  Server,  the  menu  makeovers  are  rapidly 
obvious,  we  found. 

Although  we  have  some  minor  reserva¬ 
tions  about  Windows  Server,  we  found  the 
Windows  Server/Windows  8  Enterprise 
combination  to  be  far  ahead  of  its  peers  for 
large  enterprise  deployments  and  manage¬ 
ment.  And  that’s  not  even  counting  the  addi¬ 
tional  management  functionality  available 
from  Microsoft  System  Center  2012. 

Inside  the  Windows  Server  2012  platform 
is  a  shift  toward  the  kind  of  programmabil¬ 
ity  first  envisioned  by  Bill  Gates  when  he 
declared  that  Windows  would  run  on  Basic 
as  a  programming  environment.  That  was 
an  allusion  toward  the  Visual  Basic  scripting 
that  became  popularized  in  inter-application/ 
platform  custom  coding  efforts. 

These  efforts  allowed  organizations  to 
integrate  custom  code  with  Microsoft  Office 
apps,  and  Web  development  efforts  then 
became  centered  around  Microsoft  Share- 
Point  services.  While  these  “departmental” 
and  populist  development  efforts  continue, 
Microsoft  has  now  evolved  its  PowerShell 
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“cmdlets”  in  a  way  that  mimics  scripting 
and  inter-platform  communications,  but  in 
vastly  more  powerful  ways. 

The  goal  is  to  give  the  Windows  platform 
as  much  potential  for  programmability  and 
customization  as  Linux  distributions. 

Windows  8  Enterprise 

Prerelease  criticisms  have  focused  around  a 
number  of  changes  that  appear  to  alter  the 
character  of  Windows-as-we-know-it.  We 
don’t  think  so.  Windows  8  has  a  new  user 
interface,  but  the  changes  are  no  more  radical 
than  those  we’ve  seen  from  Apple,  Canonical 
and  others. 

There  are  just  three  different  versions  of 
Windows  8  to  choose  from:  Home,  Profes¬ 
sional  and  Enterprise,  which  is  differenti¬ 
ated  by  its  ability  to  be  activated  via  Windows 
2012  Key  Management  Services.  Profes¬ 
sional/Enterprise  can  be  considered  the  ana¬ 
log  to  Windows  7  Ultimate;  these  replace  up 
to  nine  different  versions  in  Windows  7. 

You  get  the  Hyper-V  hypervisor  in  Profes¬ 
sional/Enterprise  that’s  the  same  version 
shipped  with  Windows  2012  Server,  replac¬ 
ing  Windows  7  Virtual  PC  as  a  bare  metal- 
type  hypervisor. 

Ostensibly,  it’s  used  to  run  a  prior  version 
that  you  upgraded  from,  like  Windows  XP, 
Vista  or  Windows  7.  You  can  have  your  old 
apps  in  other  ways,  too.  You  can  host  Win¬ 
dows  8  instances  as  VMs  on  Windows  2012 
Hyper-V,  VMware  or  other  hypervisors,  too. 

Microsoft’s  application  virtualizer,  App-V, 


has  been  upgraded  and  now  has  a  physical- 
to-virtual  feature,  although  we  didn’t  test  it. 
App-V  Version  5  allows,  like  prior  versions,  a 
RemoteFX-based  GUI  connection  to  an  appli¬ 
cation  that’s  executing  someplace  else. 

Microsoft  Windows  8  wants  to  own  the 
master  boot  record  (MBR)  on  a  system’s  hard 
drive,  which  some  have  objected  to,  but  solu¬ 
tions  that  allow  an  alternate  boot  have  already 
become  available.  The  controversy  regarding 
whether  to  prevent  boot-sector  virus  vectors 
through  the  use  of  a  UEFI  secure  boot  (a  BIOS 
replacement  scheme)  initially  riled  people 
who  like  to  host  concurrent  operating  system 
or  disk  partition  instances.  And  we  found 
that  Windows  8,  at  installation,  indeed  grabs 
and  will  not  eagerly  let  go  the  disk  master 
boot,  securing  it  and  making  it  very  difficult 
to  place  other  operating  systems  on  it. 

Disk  security  methods  already  in  place  will 
be  removed  on  installation,  unless  Windows  8 
plainly  refuses  to  use  the  disk  because  it  can’t 
partition  it.  We  applaud  Microsoft’s  attempts 
at  boot  security,  and  don’t  have  the  qualms  that 
others  find  when  a  vendor  tries  to  secure  a  sys¬ 
tem.  The  security  trade-off,  we  feel,  is  worth  it. 

We  ran  into  one  case  where  a  prerelease  ver¬ 
sion  of  Windows  8  wouldn’t  install  without 
removing  older  partitions,  but  all  upgrades 
we  tried  from  Windows  7  to  Windows  8 
worked  flawlessly. 

The  Windows  2012  Key  Management  Ser¬ 
vice  allows  instances  of  W8E  to  be  installed, 
grabbing  an  activation  key  when  initially 
installed.  This  works  with  Windows  7,  too.  The 
operating  system  payloads  can  also  be  modi¬ 
fied  to  deploy  both  Microsoft  and  third-party 
software  for  automated  updates. 

Windows  8  opens  with  the  Windows  8 
UI,  which  is  also  found  on  Windows  Server 
2012,  Windows  RT  and  Windows  Mobile 
7.S+.  The  UI  isn’t  tough  to  maneuver  at  all,  we 
found.  A  fast  mouse-movement  to  the  right 
of  the  main  UI  reveals  options  to  change  set¬ 
tings,  and  otherwise  move  around.  Behavior 
of  applications  already  installed  shouldn’t 
change.  But  there’s  a  rub. 

There  are  apps  currently  compatible  with 
Windows  7,  and  those  should  run  OK.  Apps 
that  use  the  new  Windows  8  UI  are  called 
Windows  8  apps,  and  can  be  obtained  (osten¬ 
sibly)  only  from  the  Microsoft  Store.  The  store 
is  currently  starting  to  fill,  but  by  no  means 
has  the  quantity  found  in  Apple,  Google  or 
Amazon  app  stores.  The  regimen  used  to  vet 
applications  in  the  store  is  also  still  largely 
unknown. 

Other  items  we  tested  include:  the  Win¬ 
dows  8  User  State  Migration  Tool,  which 
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Product 

Windows  2012  Standard 
and  Datacenter  editions 

Windows  8  Professional 
and  Enterprise  editions 

Pricing 

Starts  at  $595 

Starts  as  upgrade  at  $39 

Pros 

Broad  Hyper-V  updates;  easier 
deployment;  PowerShell  additions; 
somewhat  cloud-able 

Mostly  Windows  7  underneath, 
so  stable;  easy  to  install 

Cons 

Either  be  Active  Directory-compatible 
or  face  second-class  citizenship; 
licensing  can  be  expensive 

New  interface  might 
flummox  some  end  users 
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allows  user  settings  to  be  migrated  to  a  new 
machine;  Windows  To  Go,  which  makes 
a  bootable  (think  USB  flash  drive  or  other 
externally  connected  drive)  instance,  system 
hardware-permitting;  and  we  played  with 
making  customizable  Windows  8  P/E  images 
for  distribution  purposes. 

By  combining  these  tools,  coupled  to 
server-based  key  management  tools,  deploy¬ 
ing  Windows  has  been  made  almost  as  simple 
as  an  online  Linux  distro. 

On  our  Lenovo  T520  tablets  Windows 
8  boots  in  16  seconds  to  usability  in  a  fresh 
installation,  versus  Windows  7  (with 
updates)  at  27  seconds.  We  could  detect  no 
real  disk  speed  changes,  but  the  UI  is  fast  and 
has  a  “snappy”  feel  when  we  changed  screens, 
or  popped  back  to  the  Windows  8  UI  with  the 
Windows  key  on  the  Lenovos. 

Windows  8  isn’t  quite  as  radical  as  Win¬ 
dows  Server  2012,  but  the  unified  UI  strategy 
is  a  departure  from  UI  and  iterative  func¬ 
tionality  improvements.  Windows  8  is  more 
distributable,  more  easily  secured  and  works 
hard  to  retain  an  enterprise  presence.  Old 
software  works,  new  software  installed  with¬ 
out  issue  if  it  works  with  Windows  7.  What’s 
for  sale  here  is  cross-device  unified  behavior 
atop  the  gains  made  by  Windows  7. 

Windows  Server  2012 
(Standard  and  Datacenter) 

Microsoft’s  plentiful  work  in  2012  was  spent 
making  Hyper-V  more  competitive  with 
features  of  other  virtual  machine  and  cloud 
services  vendors,  but  also  in  out-featuring  its 
competition  in  management  and  enterprise- 
focused  control-plane  capabilities. 

You  don’t  have  to  deploy  all  of  the  options 
to  get  just  traditional  file-and-print,  Active 
Directory  controls  and  MS  Exchange  going  — 
the  most  popular  basic  combination. 

What  Microsoft  has  added  is  the  ability  to 
get  to  those  extra  features  rapidly  and  with 
rational  procedures  for  civilians,  or  modi- 
fiable-then-deployable  payloads  for  larger 
organizations  that  must  distribute  custom¬ 
ized  server  payloads.  And  it’s  all  64-bit. 

There  are  two  forms  of  Windows  Server 
2012  —  Standard  and  Datacenter;  both  can 
be  optionally  run  over  Hyper-V.  Each  Win¬ 
dows  Standard/Server  license  covers  just 
two  physical  processors,  which  we  found 
comparatively  limiting,  although  somewhat 
inline  with  hypervisor  competitor  VMware 
—  where  you’ll  pay  for  the  hypervisor  license 
and,  in  addition,  the  Windows  license.  Stan¬ 
dard  edition  allows  two  VMs;  licenses  can  be 
stacked  up  to  eight  VMs  for  two  licenses  on 
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the  same  server.  Datacenter  licenses  are  essen¬ 
tially  unlimited,  subject  to  the  two  physical 
processor  rule.  CAL  (Client  Access  Licenses) 
are  roughly  the  same  as  before,  and  remote 
access  (VDI)  sessions  also  require  additional- 
cost  licensing  support  in  many  cases. 

We  could  also  choose  to  install,  in  a  GUI  or 
GUI-less  version,  Server  Core. 

In  the  Server  Core  installation,  the  initial 
server  payload  can  be  preconfigured  to  wake 
up  the  first  time  and  find  resources  as  a  pack¬ 
age,  or  can  be  rapidly  and  subsequently  built 
through  the  use  of  additional  PowerShell 
commands.  If  you  haven’t  preconfigured  any¬ 
thing,  you’re  dropped  to  a  “cmd”  box  at  the  end 
of  the  Server  Core  installation,  and  will  sub¬ 
sequently  run  administration  and  modifica¬ 
tion  of  that  server  from  a  different  machine,  or 
through  the  use  of  PowerShell  cmdlets. 

If  the  GUI-based  installation  is  chosen,  only 
a  few  selections  need  be  made  until  the  server 
initially  comes  alive.  From  there,  a  server 
installation  dashboard  provides  choices  of 
what  to  do  to  install  additional  features. 

What  we  liked  about  the  changes  in  the 
Dashboard  approach  was  that  it  allowed  us 
to  make  choices,  and  it  would  figure  out  the 
dependencies  —  other  apps  needed  —  then 
let  us  allow  the  server  to  reboot  automatically. 

The  number  of  PowerShell  cmdlets  has 
increased  dramatically  in  Windows  Server 
2012,  and  extend  to  managing  Active  Direc¬ 
tory  clients.  What’s  lacking  is  a  rudimen¬ 
tary  filing  or  document  control  mechanism 
to  store  and  identify  PowerShell  scripts  in  a 
way  above  implying  the  function  of  a  script 
by  its  file  name. 

Using  Windows  Server  2012  in  a  virtualized 
environment  also  has  improved.  The  changes 
in  Microsoft’s  bare  metal  hypervisor,  Hyper- 
V  3,  now  allows  an  onboard  L2/L3  switch  to 
be  configured  to  manage  traffic.  The  switch 
is  programmable  and  can  be  enlightened  to 
accommodate  VM  machine  moves  among 


server  hosts  for  host-resource  matching. 

The  infrastructure  support  in  Hyper-V  is 
vastly  larger  in  2012  Server  editions  com¬ 
pared  to  2008  R2. 

In  Windows  Server  2012,  Active  Directory 
Rights  Management  Services  (AD  RMS)  are 
linked  to  Active  Directory  Dynamic  Access 
Control,  which  extends  the  covered  storage 
“turf”  to  devices  that  can  be  controlled  via 
Active  Directory  identity  and  access  controls. 

We  set  this  up  and  copied  numerous  fold¬ 
ers.  If  a  device  is  AD-authenticated  (Win¬ 
dows  Vista+),  we  had  protection  afforded  for 
the  files.  We  needed  to  generate  a  client  cer¬ 
tificate,  which,  in  turn,  is  used  by  the  server  to 
match  identity,  a  process  called  DRM  Activate. 

Once  installed,  a  match  is  made  between 
the  client  and  server  portion  when  the  cer¬ 
tificates  match  (we  also  tried  fudging  a  cert, 
but  that  didn’t  work)  and  we  received  file 
access  as  we’d  prescribed,  as  the  creator  or 
administrator  of  the  files  and  folders.  AD 
RMS  also  controls  policies  for  the  Windows 
8  AppLocker  feature.  Encryption  comes  with 
BitLocker,  but  can  also  be  run  with  a  USB  con¬ 
taining  the  key. 

Active  Directory  is  a  key  hook  that  Micro¬ 
soft  has,  and  if  your  clients  and  servers  can 
speak  Active  Directory,  you’re  happy;  other¬ 
wise  you’re  still  a  second-class  citizen. 

What  the  Windows  2012  Server  editions 
provide  is  a  compelling  reason  to  stick  with 
Windows  infrastructure,  as  many  of  the 
advances  represent  integration  of  manage¬ 
ment  components  that  have  no  competitive 
parallels.  Licensing  costs  are  high,  although 
we  like  the  reduction  from  17  versions  of 
Windows  Server  2008.  Now  there  are  four. 
Whew.  H 
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TREND  ANALYSIS 


Gartner:  10  IT  trends  for  the  next  five  years 


BY  MICHAELCOONEY 

ORLANDO  —  Trying  to  stay  ahead  of  the  curve  when  it  comes  to 
IT  issues  is  not  a  job  for  the  faint  of  heart.  That  point  was  driven 
home  at  Gartner’s  annual  IT  Symposium  fest  where  analyst  David 
Cappuccio  outlined  what  he  called  “new  forces  that  are  not  easily 
controlled  by  IT  [that]  are  pushing  themselves  to  the  forefront  of 
IT  spending.” 

The  forces  of  cloud  computing,  social  media/networking,  mobil¬ 
ity  and  information  management  are  all  evolving  at  a  rapid  pace. 
These  evolutions  are  largely  happening  despite  the  controls  that 
IT  normally  places  on  the  use  of  technologies,  Cappuccio  stated.  “IT 
was  forced  to  support  tablets,  and  end  users  forced  them  to  support 
IM  and  wireless  networks  a  few  years  ago.  And  more  such  tech¬ 
nologies  are  on  the  horizon,”  he  said. 

Cappuccio’s  presentation  listed  the  following  as  the  “Ten  Critical 
Trends  and  Technologies  Impacting  IT  During  the  Next  Five  Years.” 


DAVID  CAPPUCCIO, 

ANALYST,  GARTNER 


1  DISRUPTION 

I  Business-user  demand  for  customer 
satisfaction  is  far  outstripping  the  support 
organizations’  ability  to  meet  that  demand.  IT 
organizations  must  invest  in  the  development 
of  IT  service  desk  analyst  skills  and  attri¬ 
butes,  and  organize  appropriately  to  increase 
IT’s  perceived  value.  Enabling  higher  levels 
of  productivity  at  the  IT  service  desk  level 
demonstrates  that  the  IT  organization  cares 
about  the  business,  and  that  it’s  committed 
to  ensuring  that  users  meet  their  goals  and 
objectives.  While  a  focus  on  traditional  train¬ 
ing,  procedures,  security  access,  knowledge 
management  and  scripts  is  warranted,  a 
focus  on  next-generation  support  skills  will 
be  paramount  to  meet  the  needs  and  expecta¬ 
tions  of  the  business  more  efficiently. 


2  SOFTWARE  DEFINED 
HNETWORKS 

SDN  is  a  means  to  abstract  the  network  just 
as  server  virtualization  abstracts  the  server. 
With  SDN  the  controller  has  a  view  of  the 
entire  network  topology  —  both  the  virtual 
and  physical  components  of  it,  including 
switches  and  firewalls  —  and  provides  the 
abstracted  view  to  provision  and  manage  the 
network  connections  and  services  that  appli¬ 
cations  and  the  operators  require. 

When  used  along  with  encapsulations  like 
OpenFlow,  SDN  can  dynamically  extend  a 
private  cloud  into  a  hybrid  model  to  mask 
enterprise-specific  IP  addresses  from  the 
cloud  provider’s  infrastructure.  SDN  also 
promises  to  allow  service  providers  to  offer 
dynamic  provisioned  WAN  services,  poten¬ 
tially  across  multi-provider/multi-vendor 
networks.  Of  course,  there  is  the  potential 


for  significant  organizational  disruption  as 
traditional  network  skills  begin  to  shift,  and 
alignment  with  specific  vendor  products  or 
platforms  becomes  less  rigid. 

3  BIGGER  DATA 
■AND  STORAGE 

Data  growth  continues  unabated. 
Leading-edge  firms  realize  this  and  are 
beginning  to  focus  on  storage  utilization  and 
management  as  a  means  to  reduce  floor  space 
and  energy  usage,  improve  compliance  and 
improve  controls  on  growth  within  the  data 
center.  Now  is  the  time  to  do  this,  because  most 
of  the  growth  during  the  next  five  years  will  be 
in  unstructured  data  —  the  most  difficult  to 
manage  from  a  process  or  tool  point  of  view. 
Technologies  that  will  become  critical  over  the 
next  few  years  are  in-line  deduplication,  auto¬ 
mated  tiering  of  data  to  get  the  most  efficient 
usage  patterns  per  kilowatt,  and  flash  or  SSD 
drives  for  higher-end  performance  optimiza¬ 
tion,  but  with  significantly  reduced  energy 
costs.  NAND  pricing  continues  to  fall  at  a  rapid 
pace,  moving  from  $7,870  per  gigabyte  in  1997 
down  to  $1.25  per  gigabyte  today. 

4  HYBRID  CLOUDS 

■  Cloud  computing  is  heavily  influ¬ 
enced  by  the  Internet  and  vendors  that  have 
sprung  from  it.  Companies  such  as  Google 
deliver  various  services  built  on  a  massively 
parallel  architecture  that  is  highly  auto¬ 
mated,  with  reliability  provided  via  software 
techniques,  rather  than  highly  reliable  hard¬ 
ware.  Although  cost  is  a  potential  benefit 
for  small  companies,  the  biggest  benefits  of 
cloud  computing  are  built-in  elasticity  and 


scalability,  which  reduce  barriers  and  enable 
these  firms  to  grow  quickly.  A  hybrid  cloud  is 
composed  of  services  that  combine  either  for 
increased  capability  beyond  what  any  one  of 
them  has  (aggregating  services,  customizing 
them  or  integrating  two  together),  or  for  addi¬ 
tional  capacity. 

There  is  an  emerging  trend  in  hybrid  data 
centers  whereby  growth  is  looked  at  from 
the  perspective  of  applications  criticality 
and  locality.  As  an  example,  if  a  data  center  is 
nearing  capacity,  rather  than  begin  the  proj¬ 
ect  to  define  and  build  another  site,  work¬ 
loads  are  assessed  based  on  criticality  to  the 
business,  risk  of  loss,  ease  of  migration,  and 
a  determination  is  made  to  move  some  either 
to  collocation  facilities,  hosting,  or  even  to  a 
cloud-type  service.  This  frees  up  floor  space 
in  the  existing  site  for  growth,  both  solving 
the  scale  problem,  and  deferring  capital  costs. 
An  alternative  to  this  is  for  older  data  centers 
to  begin  migrating  critical  work  off-site,  thus 
reducing  downtime  risks  and  business  inter¬ 
ruptions,  while  freeing  up  the  old  data  center 
for  additional  work  (non-critical),  or  for  a 
slow,  in-place,  retrofit  project. 

5  CLIENT  SERVER 

I  In  the  PC  world  of  the  last  quar¬ 
ter  century,  both  the  operating  system  and 
application  were  primarily  resident  on  the 
desktop  (some  large  and  complex  applications 
such  as  ERP  were  located  on  servers  that  could 
be  remote  from  clients).  Today,  anything  goes! 
The  operating  system  —  as  well  as  the  applica¬ 
tion  —  can  be  executed  on  the  PC  or  a  server 
or  streamed  to  a  PC  when  needed.  Choice  of 
architecture  is  dependent  on  user  needs  and 
the  time  frame  for  implementation. 

Regarding  Windows  8  deployments,  90% 
of  enterprises  will  bypass  broad  scale  deploy¬ 
ment,  and  will  focus  on  optimized  Windows 
8  deployments  on  specific  platforms  (for 
example  mobile,  tablet)  only.  Servers  have 
been  undergoing  a  long-term  evolutionary 
process.  They  have  moved  from  stand-alone 
pedestals  to  rack-mounted  form  factors  in 
a  rack  cabinet.  The  latest  step  in  x86  server 
hardware  evolution  is  the  blade  server.  It 
has  taken  hardware  from  just  single  servers 
with  internal  peripherals  in  a  rack  cabinet  to 
a  number  of  more  dense  servers  in  a  single 
chassis  with  shared  backplane,  cooling  and 
power  resources.  A  true  component  design 
allows  for  the  independent  addition  of  even 
more  granular  pieces  like  processors,  mem¬ 
ory,  storage  and  I/O  elements. 

It  always  takes  a  closer  examination  of 
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multiple  factors  —required  density,  power/ 
cooling  efficiency  requirement,  high  avail¬ 
ability,  workload  —  to  reveal  where  blades, 
rack  and  skinless  really  do  have  advantages. 
Moving  forward  this  evolution  will  split  into 
multiple  directions  as  appliance  use  increases 
and  specialty  servers  begin  to  emerge. 

6  THE  INTERNET  OF  THINGS 

I  This  is  a  concept  that  describes 
how  the  Internet  will  expand  as  physical 
items  and  assets  are  connected  to  it.  The 
vision  and  concept  have  existed  for  years; 
however,  there  has  been  acceleration  in  the 
number  and  types  of  things  that  are  being 
connected  and  in  the  technologies  for  iden¬ 
tifying,  sensing  and  communicating.  Key 
advances  include: 

Embedded  sensors:  Sensors  that  detect 
and  communicate  changes  (such  as  acceler¬ 
ometers,  GPS,  compasses,  cameras)  are  being 
embedded  not  just  in  mobile  devices  but  in  an 
increasing  number  of  places  and  objects. 

Image  recognition:  These  technologies 
strive  to  identify  objects,  people,  buildings, 
places,  logos  and  anything  else  that  has  value 
to  consumers  and  enterprises.  Smartphones 
and  tablets  equipped  with  cameras  have 
pushed  this  technology  from  mainly  indus¬ 
trial  applications  to  broad  consumer  and 
enterprise  applications. 

NFC  payment:  NFC  allows  users  to  make 
payments  by  waving  their  mobile  phone  in 
front  of  a  compatible  reader.  Once  NFC  is 
embedded  in  a  critical  mass  of  phones  for 
payment,  industries  can  explore  other  areas  in 
which  NFC  technology  can  improve  efficiency 
and  customer  service. 

7  APPLIANCE  MADNESS 

I  Organizations  are  generally  attracted 
to  appliances  when  they  offer  hands-off  solu¬ 
tions  to  application  and  functional  require¬ 
ments,  but  organizations  are  also  repelled 
by  appliances  when  they  require  additional 
investments  (time  or  software)  for  manage¬ 
ment  functions.  Thus,  successful  appliance 
products  must  not  only  provide  a  cost-effec¬ 
tive  application  solution,  they  must  require 
minimum  management  overhead. 

Despite  the  historical  mixed  bag  of  successes 
and  failures,  vendors  continue  to  introduce 
appliances  to  the  market  because  the  appli¬ 
ance  model  represents  a  unique  opportunity 
for  a  vendor  to  have  more  control  of  the  solu¬ 
tion  stack  and  obtain  greater  margin  in  the 
sale.  In  short,  appliances  aren’t  going  away 


any  time  soon.  But  what’s  new  in  appliances 
is  the  introduction  of  virtual  ones.  A  virtual 
appliance  enables  a  server  vendor  to  offer  a 
complete  solution  stack  in  a  controlled  envi¬ 
ronment,  but  without  the  need  to  provide  any 
actual  hardware.  The  growth  in  virtual  appli¬ 
ances  will  not  kill  physical  appliances;  issues 
such  as  physical  security,  specialized  hardware 
requirements  and  ecosystem  relations  will 
continue  to  drive  physical  requirements. 

The  very  use  of  the  appliance  terminol¬ 
ogy  creates  great  angst  for  some  vendors  and 
users  —  particularly  for  physical  appliances. 
A  highly  integrated  platform  like  Oracle’s 
Exadata  or  VCE  Vblock  is  not  a  true  appli¬ 
ance;  these  are  factory  integrated  systems  that 
will  require  some  degree  of  configuration  and 
tuning,  even  when  the  software  stack  is  inte¬ 
grated;  they  will  never  fit  the  classic  notion  of 
a  “pizza  box.”  But  while  such  systems  will  not 
be  consumed  as  appliances,  they  are  certainly 
packaged  and  sold  in  a  very  appliance-like 
manner.  Many  other  physical  appliances  will 
be  more  faithful  to  the  concept  —  they  will  be 
plug-and-play  devices  that  can  only  deliver  a 
very  prescribed  set  of  services. 

8  COMPLEXITY 

I  The  sources  of  complexity  within 
IT  are  easy  to  spot.  They  include  the  number 
of  initialization  parameters  for  input  into 
starting  an  Oracle  database  (1,600)  and  the 
number  of  pages  (2,300)  of  manuals  to  use 
a  Cisco  switch.  The  complexity  increases, 
though,  when  we  look  at  combining  several 
elements  such  as  Microsoft  Exchange  run¬ 
ning  on  VMware.  What  makes  this  complex¬ 
ity  worse,  however,  is  the  fact  that  we  are  not 
getting  our  money’s  worth:  Historical  stud¬ 
ies  suggest  that  IT  organizations  actually 
use  only  roughly  20%  of  the  features  and 
functions  in  a  system.  This  results  in  large 
amounts  of  IT  debt,  whose  high  maintenance 
costs  for  “leaving  the  lights  on”  divert  needed 
funds  from  projects  that  can  enhance  busi¬ 
ness  competitiveness. 

9  EVOLUTION  TOWARD  THE 
■  VIRTUAL  DATACENTER 

As  we  enter  the  third  phase  of  virtualization 
(phase  1:  MF/Unix,  phase  2:  basic  x86)  we 
see  that  the  higher  the  proportion  of  virtu¬ 
alized  instances,  the  greater  the  workload 
mobility  across  distributed  and  connected 
network  nodes,  validating  fabric  and  cloud 
computing  as  viable  architectures.  As  more 
of  the  infrastructure  becomes  virtualized. 


we  are  reshaping  IT  infrastructure.  We  will 
see  more  possibilities  where  the  “fabric”  will 
eventually  have  the  intelligence  to  analyze 
its  own  properties  against  policy  rules  that 
create  optimum  paths,  alter  them  to  match 
changing  conditions  and  do  so  without 
requiring  laborious  parameter  adjustments. 
X86  virtualization  is  effectively  the  most 
important  technology  innovation  behind 
the  modernization  of  the  data  center.  With  it 
will  be  a  sea-change  in  how  we  view  the  roles 
of  compute,  network  and  storage  elements 
—  from  physical  hardwired  to  logical  and 
decoupled  applications. 

WIT  DEMAND 

I  With  the  increased  aware¬ 
ness  of  the  environmental  impact  data  centers 
can  have,  there  has  been  a  flurry  of  activity 
around  the  need  for  a  data  center  efficiency 
metric.  Most  that  have  been  proposed,  includ¬ 
ing  power  usage  effectiveness  (PUE)  and 
data  center  infrastructure  efficiency  (DCiE), 
attempt  to  map  a  direct  relationship  between 
total  facility  power  delivered  and  IT  equip¬ 
ment  power  available.  Although  these  met¬ 
rics  will  provide  a  high-level  benchmark  for 
comparison  purposes  between  data  centers, 
what  they  do  not  provide  is  any  criteria  to 
show  incremental  improvements  in  efficiency 
over  time.  They  do  not  allow  for  monitoring 
the  effective  use  of  the  power  supplied  —  just 
the  differences  between  power  supplied  and 
power  consumed. 

For  example,  a  data  center  might  be  rated 
with  a  PUE  of  2.0,  an  average  rating.  If  that 
data  center  manager  decided  to  begin  using 
virtualization  to  increase  average  server 
utilization  from  10%  to  60%,  the  data  center 
would  become  more  efficient  using  existing 
resources,  but  overall  PUE  would  not  change 
at  all.  A  more  effective  way  to  look  at  energy 
consumption  is  to  analyze  the  effective  use 
of  power  by  existing  IT  equipment,  relative 
to  the  performance  of  that  equipment.  While 
this  may  sound  intuitively  obvious,  a  typical 
x86  server  will  consume  between  60%  and 
70%  of  its  total  power  load  when  running  at 
very  low  utilization  levels.  Raising  utilization 
levels  has  only  a  nominal  impact  on  power 
consumed,  and  yet  a  significant  impact  on 
effective  performance  per  kilowatt. 

Pushing  IT  resources  toward  higher  effec¬ 
tive  performance  per  kilowatt  can  have  a 
twofold  effect  of  improving  energy  consump¬ 
tion  and  extending  the  life  of  existing  assets 
through  increased  throughput.  The  PPE met¬ 
ric  is  designed  to  capture  this  effect.  ■ 


www.networkworld.com  NOVEMBER  5, 2012  15 


SPECIAL  FOCUS 


Networx  revenue  delayed 

Comparison  of  US  federal  goverment's  FTS2001  and 
Networx  telecom  contract  revenue  by  fiscal  year. 
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FTS2001  REVENUE  WAS  SUPPOSED  TO  END  IN  FY09.  THIS  CHART  SHOWS  HOW  SLOW 
THE  REVENUE  HAS  COME  TO  NETWORX.  WHICH  WAS  AWARDED  IN  FY07. 
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►  Networ x,  from  page  1 

Networx  “has  not  been  successful,”  agrees 
Bob  Woods,  a  former  commissioner  of  GSA’s 
Federal  Telecommunications  Service  who 
runs  Topside  Consulting.  “The  ceiling  number 
was  artificially  high  to  start  with.  It  shouldn’t 
have  been  $68  billion;  $30  billion  would  have 
been  plenty.  They  made  the  contract  so  compli¬ 
cated  that  the  transition  became  impossible  to 
do  in  a  graceful  amount  of  time.  Agencies  have 
taken  forever  to  get  there.” 

On  Sept.  28,  the  GSA  released  a  report  indi¬ 
cating  that  U.S.  agencies  disconnected  99%  of 
their  services  from  the  previous  telecom  ser¬ 
vices  contract,  which  was  called  FTS  2001. 
This  milestone  should  have  been  reached  in 
2009,  according  to  original  GSA  estimates. 

“We’re  years  behind  schedule,”  says 
Edward  Morche,  senior  vice  president,  gen¬ 
eral  manager  of  the  government  markets 
group  at  Level  3  Communications.  “While 
the  FTS  2001  disconnects  are  99%  complete, 
only  70%  of  the  revenue  from  FTS  2001  has 
transitioned  to  Networx.  If  everyone  was 
happy  with  Networx  —  if  it  was  easy  and  pro¬ 
vided  value  —  agencies  would  have  moved 
100%  of  the  revenue  over.  What  we’re  seeing 
is  other  contracting  vehicles  being  used.” 

Networx  offers  48  services  from  toll-free 
voice  to  Web  hosting,  but  these  services  are 
not  bundled  to  allow  agencies  to  easily  buy 
end-to-end  solutions.  Also,  Networx  doesn’t 
offer  cutting-edge  cloud  and  wireless  solu¬ 
tions  because  the  contract  was  written  in 
2005,  before  these  technologies  emerged. 

GSA  argues  that  Networx  is  succeeding 
in  its  goal  to  save  agencies  time  and  money 
when  purchasing  complex  telecom  services. 

“Last  year,  the  Networx  contract  saved  the 
federal  government  more  than  $660  million 
on  commercial  rates,”  Mary  Davie,  GSA  Fed¬ 
eral  Acquisition  Service  acting  commissioner, 
said  in  a  statement.  “The  contract  allows  GSA 
to  provide  core  networking  services  to  almost 
every  federal  agency;  and  those  agencies  typi¬ 
cally  save  between  30%  to  60%  on  the  cost  of 
services.  In  2012,  Networx  saw  the  highest 
business  volume  on  the  contract  to  date,  lead¬ 
ing  to  additional  cost  savings.” 

As  of  Oct.  19,  257  of  266  agencies  had  tran¬ 
sitioned  off  the  FTS  2001  contract,  and  the 
remaining  nine  agencies  were  expected  to 
complete  their  transition  by  December. 

Some  Networx  vendors  —  particularly 
Verizon  and  AT&T  —  are  faring  better  than 
their  rivals.  Deltek  estimates  that  Verizon 
has  earned  47%  of  Networx  revenues,  while 
AT&T  has  earned  41%  and  CenturyLink  12%. 
Sprint  and  Level  3  have  earned  less  than  1%  of 
revenues.  Deltek  estimates. 

Verizon  was  the  largest  incumbent  on  the 
Networx  predecessor  FTS  2001  contract,  so 


rivals  say  it  isn’t  surprising  that  it  is  earning 
the  most  revenue. 

“It  was  very  hard  for  agencies  to  decide  what 
to  do,  and  the  default  position  was  for  them  to 
stick  with  the  incumbent,”  Morche  says.  “It’s 
the  people  looking  to  grow  their  revenue  from 
the  agencies  who  are  going  to  be  the  most  frus¬ 
trated.  Level  3  might  be  the  most  frustrated.” 

Even  carriers  like  AT&T  that  have  fared 
relatively  well  on  Networx  say  the  revenue 
flow  has  come  much  later  than  anticipated. 

“Our  management  is  like  everyone  else’s: 
They  wanted  a  return  on  the  tremendous 
investment  we  put  into  Networx.  They  were 
anxious,”  admits  Jeff  Mohan,  executive  direc¬ 
tor  of  GSA  programs  for  AT&T  Government 
Solutions. 

Nonetheless,  Mohan  is  confident  that  Net¬ 
worx  is  finally  hitting  its  stride  and  will  be  a 
successful  contract  for  AT&T. .  “I  would  char¬ 
acterize  [Networx]  as  perhaps  a  little  late  in 
maturing,”  he  says. 

The  carriers  aren’t  the  only  ones  suffering 
from  the  slow  transition  to  Networx,  argues 
Diana  Gowen,  senior  vice  president  and  gen¬ 
eral  manager  at  CenturyLink.  Gowen  says 
agencies  have  been  paying  higher  telecom 
bills  on  the  older  FTS  2001  contract. 

“From  a  savings-to-the-government  per¬ 
spective,  I  would  have  to  say  this  contract  has 
been  a  failure,  but  no  one  on  [Capitol]  Hill  or 


at  [the  Office  of  Management  and  Budget] 
has  gotten  concerned  enough  to  really  pro¬ 
pel  this  further,”  Gowen  says.  “There  are  still 
agencies  who  have  not  made  decisions,  have 
not  transitioned  [to  Networx]  and  have  not 
disconnected”  from  the  more  expensive  FTS 
2001  contract. 

Topside  Consulting’s  Woods  says  the  pric¬ 
ing  is  good  on  Networx,  but  that  GSA  did  not 
do  enough  to  help  agencies  transition  to  the 
complex  contract.  So  some  agencies  chose 
other  contracting  vehicles  because  Networx 
is  not  mandatory. 

Another  issue  that  slowed  Networx  transi¬ 
tion  was  that  GSA  and  the  agencies  lacked  an 
accurate  inventory  of  network  services  pur¬ 
chased  under  the  predecessor  contract. 

“Say  we  got  10,000  telephone  numbers  to 
transition  to  Networx.  We  couldn’t  just  do  that 
out  of  the  gate  because  of  the  inventory  chal¬ 
lenges.  We  had  to  check  that  all  of  the  num¬ 
bers  belonged  to  the  agency  and  weren’t  a  dry 
cleaner  or  somebody’s  home,”  Mohan  says. 

Carriers  are  urging  GSA  to  change  Net¬ 
worx  to  make  it  easier  for  agencies  to  use 
when  buying  complex  services  to  drive  up 
revenues  for  the  second  half  of  the  contract. 

“For  me,  it’s  the  next  five  years  that  are  really 
going  to  [show]  the  success  of  Networx,”  says 
Susan  Zeleniak,  senior  vice  president  of  Veri¬ 
zon  Public  Sector.  ■ 
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Our  data  centers  offer  top  security,  Cisco  firewall 
protection  and  maximum  uptime.  With  more  than 
20  years  experience  and  an  extensive  server  range, 
we  know  what  IT  professionals  need.  Get  full  root 
access  for  complete  control.  We  are  a  strong 
global  company  with  3  billion  dollars  in  annual 
revenue  and  over  6,000  employees  worldwide. 
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1&1  DYNAMIC  CLOUD  SERVER 

A  fully  flexible  server  for  a  range  of  requirements 

including  applications,  databases,  gaming  and 

much  more! 

■  Independently  configure  CPU,  RAM,  and  storage 

■  Accurate  and  fair:  Control  costs  with 
pay-per-configuration  and  hourly  billing 

■  Up  to  6  Cores,  24  GB  RAM,  800  GB  storage 

■  2000  GB  of  traffic  included  free 

■  Parallels®  Plesk  Panel  11  for  unlimited  domains, 
reseller  ready 

■  Up  to  99  virtual  machines  with  different 
configurations  under  one  contract 

■  No  setup  fee 

■  24/7  phone  and  e-mail  support 


and  hard  disk  space  and  add  up  to  99  virti 
machines.  We  offer  cost  transparency 
through  hourly  billing. 

✓  MAXIMUM  SECURITY 

Redundant  storage  and  mirrored 
processing  units  reliably  protect  your 
server  against  any  failure 
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y/  FULL  ROOT  ACCESS 

The  control  and  functionality  of  a  root 
server  with  dedicated  resources 
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PhoneGap  fills  the  smartphone 
development  gap 


obile  apps  are  all  the  rage 
these  days,  but  to  get  one  built  for 
your  organization  can  be  a  daunt¬ 
ing  financial  prospect.  Should 
you  decide  to  go  to  a  bespoke 
shop  to  have  your  dream  iOS  or 
Android  app  coded  you  would  be 
looking  at  a  seriously  large  price  tag. 


haps  even  days 
rather  than 
months! 


But  if  you’re  looking  for  Android  and 
maybe  iOS,  Android,  BlackBerry,  Windows 
Phone,  Palm  WebOS,  Bada  (Samsung’s 
smartphone  OS),  Tizen  and  Symbian  as  well, 
you  could  be  looking  at  a  biblical  price  tag. 

What  if  you  could  use  your  in-house  Web 
guys  with  their  HTML  and  CSS  and  Java¬ 
Script  skills  and,  with  a  lot  less  hassle  (and 
expense),  build  your  own  apps?  Sounds  like 
a  dream,  doesn’t  it? 

Well,  a  dream  it  is  not . . .  such  an  ambi¬ 
tious  plan  has  been  realized  by  the  BBC, 

Nestle  Mexico  and  NASA  Science  using 
an  amazing  free,  open  source  development 
platform  called  PhoneGap. 

It  is  claimed  that  PhoneGap 
(a.k.a.  “Apache  Cordova” ...  just  to 
make  things  confusing),  which  was 
contributed  to  the  Apache  Software 
Foundation,  has  been  downloaded 
over  1  million  times  and  is  being 
used  by  over  400,000  developers. 

According  to  the  PhoneGap  Web¬ 
site,  “Nitobi  was  the  original  creator 
and  is  one  of  the  primary  contribu¬ 
tors  to  the  PhoneGap  framework.  In 
October  2011,  Adobe  acquired  Nitobi, 
enabling  the  team  to  focus  solely  on 
the  PhoneGap  project  and  continue 
i  ts  work  on  efficient  development 
across  mobile  plat¬ 
forms.  . . .  There  is  also  a  PhoneGap  is  the  most  well-developed 

vast  global  community  cross-smartphone  development 
that  contributes  to  the  solution  Gibbs  has  come  across. 


Mark  Gibbs’  Gearhead 

project,  including 

many  from  IBM,  RIM,  Microsoft  and  more.” 

The  scope  of  involvement  by  so  many  big 
players  is  fascinating  and  raises  hope  that  a 
true  cross-operating  system  development 
platform  for  smartphones  that  relies  on 
well-understood  programming  paradigms 
could  become  a  reality.  Just  imagine  if  the  gap 
between  identifying  a  smartphone-based 
business  need  and  rolling  out  a  robust,  fully 
featured,  multi-platform  app  was  a  matter 
of  weeks  or  per- 
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So,  what  does  PhoneGap  do?  It  provides 
access  to  smartphone  APIs  for  everything 
from  accelerometer  to  camera,  compass, 
contacts,  file,  geolocation,  media  (audio  and 
video),  network,  notifications  (alert,  sound, 
vibration)  and  storage,  all  via  JavaScript 
interacting  with  HTML  and  CSS.  It’s 
beautiful! 

Of  course,  even  though  PhoneGap  is  out 
of  beta,  it’s  not  all  wine  and  roses.  Docu¬ 
mentation  is  poor  and  be  prepared  for  some 
conflicting  instructions  and  moderately 
serious  debugging. 

For  a  general  overview  that  is  rather 
clearer  than  the  PhoneGap  documentation 
see  “Explanation  of  PhoneGap/Cordova 
for  the  Layman”  (tinyurl.com/d7wza4p), 
and  for  installation  of  the  latest  version 
check  out  “PhoneGap  2.1.0  in  Mac  OS  X 
Mountain  Lion  10.8:  from  Download  to  iOS 
App  Store”  (tinyurl.com/cek2d2e),  both 
by  Steve  Husting.  Following  Husting’s 
instructions  I  had  a  “Hello  World”  app  up 
and  running  on  the  iPad  simulator  within 
about  15  minutes! 

PhoneGap,  while  not  a  complete  walk 
in  the  park,  is  the  one  of 
the  most  fully  featured, 
most  flexible  and  most 
well-developed  cross¬ 
smartphone  development 
solutions  I've  come  across 
and,  when  it  comes  to 
capitalizing  the  basic  Web 
skills  of  HTML,  JavaScript 
and  CSS,  it  stands  on  its 
own!  PhoneGaxpgetsa 
Gearhead  rating  of  4.5 
out  of  5!  ■ 

Gibbs  is  cross  about 
platforms  in  Ventura,  Calif. 
Develop  your  thoughts  at 
gearhead@gibbs.com. 
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Security  question  #17 


Can  your  Next-Gen  Firewall  pass  the 
ultimate  security  and  performance  test? 
How  about  excelling  in  three? 

NETWORKWORLD 

Dell  SonicWALL  wins  IDG  Network  World's 

Clear  Choice  performance  test. 


It's  been  a  rewarding  year  for  Dell™  SonicWALL™  and  our  enterprise 
customers.  The  Dell  SonicWALL  SuperMassive™  E10800  came  out 
on  top  in  the  IDG  Network  World  Clear  Choice  performance  test 
for  Next-Gen  Firewalls.  The  SuperMassive  E10800  delivered  proven 
speed  along  with  proven  protection  and  control.  Dell  SonicWALL 
came  close  to  maxing  out  the  test  bed's  network  capacity,  not 
only  in  firewall-only  tests  but  also  when  configured  with  IPS  and 
anti-malware  features  enabled.  The  SuperMassive  E10800 
decrypted  SSL  traffic  at  up  to  4.8  Gbps  and  also  led  the  way  in 
application  detection. 

Dell  SonicWALL  secures  the  enterprise. 


3x  Acclaimed 

See  the  results  for  all  three  independent  tests: 

sonicwall.com/  sweepNWW 


SonicWALL 


Copynght  2012  Dell  Inc.  All  rights  reserved  Dell  SonicWALL  is  a  trademark  of  Dell  Inc  and  all  other  Dell  SonicWALL  product  and  service  names  and  slogans  are  trademarks  of  Dell  Inc 


toolshed 


GADGETS 


New  options  for 
powering  gadgets 
while  commuting 


THE 

SCOOP 


Summit  3000 
rechargeable 
power  bank 


by  MyCharge,  about  $80 

►  What  it  is:  The  Summit  3000  is  a 
3000mAh  lithium  polymer  rechargeable 
battery  that  can  recharge  several  different 
portable  devices.  It  includes  a  built-in  cable 
for  Apple  devices  like  the  iPhone,  iPod  and 
iPad  (at  least  the  older  Dock  Connector 
models,  not  the  new  ones  with  the  Lighting 
port).  Another  built-in  cable  is  for  micro- 
USB  devices,  which  include  several  Android 
phone  models.  A  USB  port  also  allows  for 
recharging  devices  if  owners  also  have  their 
own  USB  cable  for  recharging  (this  could  be 
used,  then,  in  theory,  for  iPhone  5  and  iPad 
fourth-generation  owners). 

In  fact,  you  can  recharge  three  devices 
simultaneously  (via  the  Dock  Connector, 
USB  port  and  micro-USB  cable).  However, 
there’s  a  small  issue:  If  three  high-powered 
devices  are  connected  at  the  same  time,  the 
Summit  3000  assigns  priority  charging  to 
the  Apple  Dock  Connector,  then  the  USB 
connector,  then  the  micro-USB  cable.  If  you 
plug  in  lower-powered  devices  (such  as  an 
iPod  Nano  or  iPod  classic),  simultaneous 
charging  can  occur. 


Fully  charged,  the 
Summit  3000  can 
provide  13  hours  of 
extra  talk  time  for 
a  phone. 


►  Why  it’s  cool:  While  the  unit  comes 
with  its  own  USB  cable  for  recharging  the 
device  off  a  laptop  (like  the  Sojourn  1000 
model),  the  extra  cool  part  here  is  a  fold-out 
power  outlet  prong,  which  lets  you  plug  the 
Summit  3000  into  a  wall  or  power  strip  for 
super-fast  recharging  of  the  battery  pack. 
Also  cool  is  the  voice  notification  feature: 
When  you  plug  the  unit  into  the  wall,  a 
pleasing  voice  tells  you  that  it’s  charging. 
The  voice  also  can  tell  you  how  much  bat¬ 
tery  life  you  have  on  the  recharger  —  press 
a  button  and  it  will  say  things  like  “Battery 
is  almost  full.”  Cool! 

Fully  charged,  the  device  can  offer  up 
to  13  extra  hours  of  talk  time  for  a  phone 
(over  a  3G  network),  and  up  to  10  hours  of 
data  time  (again,  over  3G  —  Wi-Fi  usage 
is  likely  less).  If  you  want  to  use  this  unit 
as  a  synchronization  bridge  between  an 
iPhone/iPod  and  a  computer,  you  can  do 
that  as  well. 

►  Some  caveats:  At  $80  it  might  seem  a  bit 
pricey  for  a  rechargeable  battery  pack,  but 
the  ability  to  charge  many  portable  devices 
at  the  same  time  (including  a  Bluetooth 
headset  and  an  e-reader,  for  example)  make 
this  a  great  device  to  have  in  your  laptop  bag 
of  gadgets. 

►  Grade  ★★★★  (out  of  five). 


Keith  Shaw’s 
Cool  Tools 


PowerCup  200 
Watt  Inverter 
with  USB 
Power  Port 


about  $35 

►  What  it  is:  Shaped  like  a  large-size  cup 
of  coffee  that  you’d  get  at  Starbucks  or 
Dunkin’  Donuts,  the  PowerCup  fits  nicely 
into  your  car’s  standard  cup  holder  slot. 
But  instead  of  coffee,  tea  or  hot  chocolate 
coming  out  of  the  cup,  instead  you  get 
power  for  your  mobile  devices. 

►  Why  it’s  cool:  The  PowerCup  lets  you 
power  up  two  regular  “household  devices” 
through  its  regular  power  ports  (basically 
you  could  power  a  laptop,  DVD  player, 
blender,  fan,  etc.),  as  well  as  one  USB-pow- 
ered  device  (think  iPod,  iPhone,  iPad,  etc.). 
The  PowerCup  itself  is  charged  via  your 
car’s  cigarette  lighter  adapter,  so  as  long 
as  your  cup  holders  are  near  the  cigarette 
lighter  port,  you’re  good  to  go. 

►  Some  caveats:  Be  careful  that  you 
don’t  accidentally  grab  the  PowerCup  on 
your  morning  commute  instead  of  your 
hot  beverage.  Or  spill  your  coffee  into  the 
PowerCup. 

►  Grade  ★★★★ 


Shaw  can  be 
reached  at 
kshaw@nww. 
com.  Follow 
him  on  Twitter: 
@shawkeith. 
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Cloud-Enabled  Wi-Fi,  Wired/  Branch  On-Demand. 

Aerohive  delivers  intelligent,  user-centric  networks  that  keep 
your  users  mobile  and  secure  -  without  all  the  complexity. 

Get  started  with  your  free  evaluation  at 

aerohive.com/enterprise 


Aerohive! 


NETWORKS 


Hive  on. 


MOBILE  DEVICE  MANAGEMENT 


Top  tools  for  BYOD  management 

MobiControl  and  Afaria  lead  the  way  in  five-vendor  test  of  MDM  tools 


BYTOM  HENDERSON 

When  we  tested  mobile 
device  management 
(MDM)  last  year,  the  prod¬ 
ucts  were  largely  focused 
on  asset  management  — 
provisioning,  protecting  and  containing 
mobile  devices. 

What  a  difference  a  year  makes.  The  prod¬ 
ucts  we  compared  in  this  round  of  testing 
have  much  stronger  controls  of  specific  smart¬ 
phones  and  mobile  operating  systems,  plus 
features  like  location-based  tracking,  usage 
tracking,  two-factor  authentication  and  sand¬ 
boxing  of  personal  and  corporate  identities. 

Of  the  five  MDM  apps  we  reviewed,  SOTI’s 
MobiControl  was  very  strong  and  understood 
specific  phones  and  OS  platforms  very  well. 
Tangoe  had  very  strong  enterprise-focused 
management  features.  Newcomer  Webroot  is 
promising,  but  still  has  work  to  do  to  catch  up 
to  the  others  in  our  test.  SAP’s  Afaria,  which 
we  tested  last  year,  sported  a  new,  almost  radi¬ 
cal  makeover  that’s  a  dramatic  improvement 
over  the  last  edition.  Venerable  LanDesk  has 
added  MDM  to  its  desktop  management 
suite,  and  while  the  installation  phase  gave 
us  moderate  willies,  we  came  to  appreciate 
the  product’s  device  controls,  easy  policy 
management  and  reporting. 

Overall,  MobiControl  and  Afaria  tied  for 
first  place  in  our  test,  with  Tangoe  not  far 
behind. 

The  specific  purpose  of  our  test  was  to 
examine  mobile  device  management.  How¬ 
ever,  it’s  important  to  note  that  all  five  ven¬ 
dors  offer  MDM  as  well  as  a  variety  of  other 
optional  applications.  These  additional  fea¬ 
tures  were  not  tested. 

For  example,  Tangoe  also  offers  telephony 
cost  control  and  asset  life  cycle  applications. 
LanDesk  adds  its  highly  seasoned  Windows- 
based  systems  management  console.  SAP/ 
Afaria  adds  in  optional  analytics  and  its 
MDM  app  can  be  internally  hosted  on  SAP/ 
Sybase  database  infrastructure  (Microsoft’s, 
too).  SOTI  adds  MobiAssist,  a  PC/mobile 
device  help  desk  center  with  rapid  remote 
control.  And  Webroot  adds  a  line  of  con¬ 
sumer  virus/malware  detection  systems  and 
secure  Web  browsing. 

Here  are  the  individual  reviews: 

Tangoe  MDM 

Tangoe  installs  on  its  hosts  (at  a  Data  Foundry 
collocation  facility  and  elsewhere),  or  can 
be  deployed  on  premises,  or  run  as  a  man¬ 
aged  service  within  a  client’s  data  center  (by 


Tangoe  or  Tangoe  affiliates).  We  went  with 
the  hosted  cloud  model  (because  it’s  easier, 
frankly).  A  full  stack  of  the  installation  can 
be  accessed  via  VPN. 

Tangoe  started  in  telephony  cost  contain¬ 
ment  and  asset  control  applications,  and 
their  products  offer  complete  mobile  device 
life  cycle  management.  The  MDM  function¬ 
ality  was  mature  and  reflects  workflow  used 
in  larger  organizations  well.  The  Web  UI  in 
our  test  didn’t  quite  define  the  workflow,  but 
became  rapidly  maneuverable. 


The  Tangoe  MDM  app  can  cover  iOS, 
Android,  BlackBerry  and  Windows  Mobile. 
The  customer  intake  process  starts  with  pro¬ 
visioning  the  elements  of  Tangoe  MDM,  then 
deploying  the  apps  and  software  into  their  des¬ 
tinations.  In  our  case,  that  was  Tangoe’s  cloud. 

Tangoe  MDM  workflow  wanted  us  to  go 
through  the  steps  of  deciding  security  and 
compliance  policies  in  one  of  two  ways:  a  flat 
model  that  treats  all  devices  the  same,  or  one 
that  divides  devices  into  two  profiles,  per¬ 
sonal  and  corporate. 
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ILLUSTRATION:  HUAN  TRAN 


Apps,  data,  encryption  and  settings  are 
partitioned  on  the  device  for  control  pur¬ 
poses,  although  this  feature,  called  Divide, 
costs  extra  per  device,  per  month. 

This  optional  corporate/personal  profile 
becomes  the  crux  of  a  device  sandbox  meth¬ 
odology;  the  device  then  maintains  and  par¬ 
titions  the  two  personalities.  We  tested  this 
on  an  Android  phone,  and  we  found  that 
some  resources  (applications,  settings,  and 
configurations)  must  be  duplicated,  so  the 
resources  of  the  device  in  terms  of  storage 
must  be  considered.  Lots  of  apps  will  mean 
lots  of  storage  and  the  amount  set  aside  for 
business  vs.  personal  storage  (music,  apps, 
videos)  must  be  understood  well,  or  one  of 
the  roles  will  suffer  for  want  of  space. 

The  amount  of  data,  voice 
and  texting  resources  used 
is  also  tracked  on  the  device, 
and  the  information  is  avail¬ 
able  (by  policy  option)  to  the 
user  so  that  costs  can  be  shown. 

This  includes  a  breakdown  by 
application  of  how  much  phone 
resources  are  used  on  the  device 
(a  phone  in  our  case)  and  how 
much  remains  within  the  bill¬ 
ing  period.  Individual  apps  can 
be  “outed”  for  their  voracious 
use  (example:  videos). 

To  get  there,  we  had  to  define 
a  Carrier  Plan,  which  spells 
out  various  options.  The  device 


sends  information  which  is  used  to  create  a 
working  graph  of  usage  against  the  Carrier 
Plan.  The  resource  tracking  can  portend 
a  reality  check  for  the  user,  although  we 
weren’t  able  to  run  up  sufficient  numbers  to 
live  in  fear  for  our  monthly  costs.  Will  it  tame 
the  wild  user?  We  think  it  could  help. 

There’s  integration  available  with  Active 
Directory,  and/or  Microsoft  Office  365,  and 
Microsoft’s  Business  Productivity  Online  Ser¬ 
vices,  but  we  didn’t  strongly  test  these  features. 

We  could  also  choose  application  delivery 
for  devices,  crafted  through  mobile  device¬ 
specific  categories.  App  distribution  would 
be  through  an  organization’s  “enterprise  app 
store”  or  chosen  from  platform  stores  such  as 
Google  Play.  The  apps  aren’t  vetted  for  secu¬ 
rity  first;  that’s  up  to  the  client 
organization.  We  could  add 
to  the  pool  of  apps,  and  addi¬ 
tionally  choose  to  push  appli¬ 
cations  (again  by  OS-specific 
methods)  to  phones  for  initial 
updates,  replacements  or 
other  uses. 

Although  the  policy-mak¬ 
ing  steps  gave  us  questions 
about  operations,  we  found 
a  handy  “test”  button  so  that 
we  could  try  them  out  before 
inflicting  them  on  groups  of 
new  users.  We  liked  that.  The 
online  help  docs  are  good,  but 
lack  flow  suggestions  and 


integration  information,  so  Tangoe  help,  in 
at  least  initial  integration,  is  likely  for  first¬ 
time  integration  of  Tangoe  MDM. 

Overall,  it’s  a  powerful  application  with 
understandable  flow  and  good  controls. 

SOTI  MobiControl 

Of  the  MDM  apps  we  tested,  SOTI  is  the  most 
comprehensive  (for  Android  and  iOS),  if  not 
the  most  scary  MDM  app  we’ve  seen.  The 
fright  comes  from  the  degree  of  controls  that 
can  be  applied  —  and  the  fact  that  it  can  track 
phone  locations  across  most  parts  of  the  planet 
on  its  console’s  Google  Maps.  We  got  visuals  in 
Google  Maps  of  where  the  phone  was  going,  as 
though  we  were  tracking  the  device  (and  user) 
down  the  street  as  it  traveled.  We  thought  of 
three-letter  agency  appeal. 

Using  specific  brand  phone  technology  — 
Samsung’s  in  our  test  —  it  can  put  you  on  a  spe¬ 
cific  hole  at  a  golf  course  using  Google  Maps. 
On  other  devices,  it’s  just  slightly  less  accurate 
in  finding  location  and  sometimes  merely  put 
us  in  a  vicinity,  rather  than  an  exact  location, 
when  we  were  in  downtown  areas. 

This  means:  no  more  fudging  about  “Oh, 
I’m  at  home  today  with  a  sick  child,”  or  “I’m 
still  in  Stockholm.”  Of  course,  that  same 
location-based  user  vectoring  can  also  be  tre¬ 
mendously  useful.  “Which  plant  is  she  in?” 
‘Oh,  look,  he’s  stuck  on  the  FDR  Expressway 
again.”  “No,  he’s  still  in  his  hotel.” 

Only  the  administrator  of  the  MobiCon¬ 
trol  can  “see”  this  information,  but  we  get 


Tangoe  MDM  offers  a 
mature,  enterprise-grade 
option  for  BYOD  control. 
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Product 

Tangoe  MDM 

SOTI 

MobiControl 

Webroot 
SecureAnywhere 
Business-Mobile 
Protection  vl.O 

SAP/Sybase/ 
Afaria  7 

LanDesk  Mobility 
Manager 

Price 

MDM:  $2/device  (1,000 
or  more)  per  month  as 
tested;  Containerization 
add  $4.50/device/month; 
Content  Management 
add  $4.75/user/month; 
rTEM  (Real-Time  Expense 
Management)  is  $l/device/ 
month  (1,000  devices) 

Starts  at  $66/device 

Less  than  $3  per 
month  per  device 

Seats  start  at 
$2-$3  per  month, 
per  user (hosted 
through  Amazon 

Web  Services 
and  managed 
by  customer  or 
third  party) 

List  price:  $38  per 
device  at  1,000  nodes 
for  a  perpetual  license; 
street  price:  $22-$28 

Pros 

Very  good  provisioning; 
ability  to  partition 
user  devices 

Highly  detailed  user 
controls  and  package 
options;  outstanding 
device  location 

Has  device  location, 
secure  browsing 
feature 

Improved  unified  Ul; 
rapidly  deployed 

Very  good  Active 
Directory  integration; 
easily  configured 
app  portal 

Cons 

Optional  features  can 
boost  overall  costs 

On-prem  version 
not  as  up-to-date 
as  cloud  version 

Immature,  a  few  bugs 

No  location 
services; 

weaker  app  control 

Truckload  installation; 
doesn’t  vet  app 
states  (e.g.,  rootkits 
and  malware) 
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CLEAR  MOBILE  DEVICE  MANAGEMENT 

CHOICE 

TESTi^ 


SCORECARD  f mmmmmiiiiiimmiiiiiiiimiiiiiiiiiiimiimiiiiniiiiimmimiimmiiiiiiintiiiif mimn 


Product 

Tangoe 

MDM  vl2 

SOTI 

MobiControl 

Webroot 

SAPAfaria7 

LanDesk 

MDM 

Installation  & 

Provisioning  (25%) 

4.5 

4.5 

3 

4 

4 

SCORING 

KEY 

5:  Exceptional 

Policies  and 

Management  (25%) 

4 

4.5 

2 

4.5 

3.5 

4:  Very  Good 

3:  Average 

Control  Features  (25%) 

4 

4.5 

3 

4 

3.5 

2:  Below  Average 

Setup,  Workflow  and 
Documentation  (25%) 

4.5 

4.5 

2 

5 

4 

1:  Consistently 
Subpar 

Total 

4.25 

4.5 

2.5 

4.3 

3.75 

the  feeling  that  it  opens  up  a  Pandora’s  box  of 
interesting  situations. 

There  are  two  versions  of  MobiControl;  we 
tested  the  cloud  version,  rather  than  the  on¬ 
premise  one.  Customer  intake  includes  Active 
Directory  linking  where  needed  or  desired. 

We  used  a  Windows  7  virtual  machine 
hardwired  to  an  IPv4  address  in  our  network 
operations  center  as  a  virtual  machine;  this 
machine  needs  a  world- accessible  IP  address 
or  FQDN  or  proxy  connection,  as  devices  will 
communicate  with  this  machine.  If  there  are 
many  devices,  the  machine  will  need  reason¬ 
able  firewalling/protection  and  high  avail¬ 
ability  resources. 

The  SOTI  proxy  machine  needs  to  have 
two  ports  open  (and  cleared  to  it  from  the 
outside  world),  and  that  machine  also  needs 
a  clear  path  to  an  Active  Directory  catalog 


MobiControl  is  the  most  comprehensive 
product  we  tested. 


server  for  proxy  authentication  purposes. 
This  allows  user  requests  from  outside  a  net¬ 
work  to  get  to  it,  and  permits  Active  Direc¬ 
tory  commands  and  changes  to  pass  through 
SOTI  for  control  purposes. 

The  SOTI  MobiControl  covers  iOS, 
Android  and  older  Windows  Mobile  versions. 
We  had  to  create  groups,  then  devices  to  fill  in 
the  groups,  then  describe,  via  a  Device  Agent 
Manager,  the  device  itself.  It  was  only  slightly 
laborious  for  basic  connectivity  and  control. 
The  real  work  comes  in  designing  payloads 
and  managing  authentication  keys  (where 
needed)  and  accessibility  com¬ 
ponents  for  organizational 
access  via  Active  Directory 
where  desired. 

Fleet  provisioning  can  be 
detailed  for  various  qualities 
of  mobile  devices,  depending 
on  their  brand/model,  OS  and 
version,  and  other  qualifiers. 

The  details  could  be  specific 
to  phones  for  application  pay- 
load  purposes  (one  can  include 
a  varying  payload  of  apps  if 
desired),  or  departmentally 
sorted  payloads  (apps,  poli¬ 
cies).  Inside  the  payload  can 
be  things  like  security  keys 
to  access  SSL-secured  Exchange  Mail,  or 
app  packages  and/or  data  and/or  links  to 
them  or  settings  controls.  Workflow,  like 
Tangoe  MDM,  isn’t  quite  obvious,  but  setup 
strategy  can  be  decided  with  a  little  bit  of 
experimentation. 

We  obtained  the  MobiControl  device  app 
from  the  Apple  App  Store  and  Google  Play. 
We  installed  the  app,  and  entered  a  code.  The 
code,  in  turn,  vectors  to  the  aforementioned 
Windows  7  MobiControl  admin  app  that  we’d 
configured.  Once  linked,  the  phone  is  locked 
down  to  whatever’s  been  configured  in  the 
management  app.  The  phone  also  then  sends, 
via  the  carrier  or  Wi-Fi,  the  approximate 


location  of  the  device. 

Also  included  is  a  company  store-like  app 
catalog,  which  SOTI  doesn’t  vet  through 
Appthority  or  another  third-party  mobile 
application  analyzer. 

We  found  MobiControl’s  provisioning  and 
administration  model  to  be  both  well  thought 
through  and,  in  terms  of  user  locational  pri¬ 
vacy,  a  bit  scary  from  a  management  perspec¬ 
tive  —  very  useful  in  some  cases,  but  onerous 
in  others.  We  might  choose  it  for  both  reasons, 
but  only  after  a  review  about  what  ethical  loca¬ 
tional  privacy  standards  should  be. 


Webroot  SecureAnywhere 
Business-Mobile  Protection 

Webroot  has  taken  its  online,  graduated- 
feature  set  of  personal/consumer  MDM  con¬ 
trol  apps  (called  SecureAnywhere  Personal), 
and  upgraded  it  to  a  small  organization-size 
cloud  product.  We  believe  we’re  first  to  review 
it,  as  the  “Business”  version  is  brand  new.  We 
found  it  immature,  but  promising. 

Webroot  is  known  for  its  highly  rated  desk¬ 
top  virus/malware  protection  products,  and 
SAB-MP  is  an  extension  of  a  portal-based 
MDM  product.  Webroot  tries  to  protect  the 
phone  through  secure  browsing,  SMS  exami¬ 
nation  for  origin  of  malware,  and  has  a  virus/ 
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Overview 

PC  Security 
Identity  &  Privacy 
Backup  &  Sync 
System  Toots 


My  Account 
SettSnos 

and  Support 


You  are  protected 


Webroot  16  providing  you  with  up-to-the-second  protection  from  viruses, 
malware.  and  other  threats 


Scan  My  Computer 


^  Virus  and  threat  removal  -  scan  and  remove  threats 
^  Antivirus  shields  •  block  incoming  threats  to  prevent  infection 
P'fewall  -  filter  Internet  and  network  traffic 
identity  $  Privacy  -  protect  yourself  while  browsing  web  sites 
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Wont  to  learn  more  about  Webroot? 

Get  the  answers  to  many  of  your  questions  about  our 
products  right  now 
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We  drive  data  center  innovations 


EcoBreeze  with  Two 
Economizer  Modes 


StruxureWare  for 
Data  Centers 


Facility  Power  Module 


Reference  Designs 


Our  physical  infrastructure  with  full-visibility  management 
software  enables  responsive,  energy-efficient  data  centers. 


Rack-to-row-to-room-to-building  architecture  lowers  cost. 

Improving  both  efficiency  and  system  uptime  requires  a  second  look 
at  today’s  data  centers!  Featuring  innovative  and  industry-leading 
physical  infrastructure  components,  Schneider  Electric™  data  centers 
uniquely  span  traditional  IT  “white  space”  and  facilities  to  improve 
interoperability,  deliver  true  data  center  agility,  and  achieve  cost¬ 
saving  energy  and  operational  efficiency.  Our  integrated  architecture 
also  lowers  total  cost  of  ownership,  enables  fast,  easy  design  and 
deployment,  and  promises  the  highest  availability. 

It  comprises  best-of-breed  components  available  from  a  single  source 
and  through  a  global  supply  and  services  chain.  From  our  well-known 
APC  InRow™  cooling  units  to  our  innovative  EcoBreeze™  facility  cooling 
module  with  two  economizer  modes  to  our  unparalleled  data  center 
management  software  StruxureWare™  for  Data  Centers,  Schneider 
Electric  products  can  be  found  literally  in  every  data  center  domain. 

We  offer  the  most  energy-efficient  components  —  all  uniquely 
engineered  as  a  system.  In  the  long  run,  the  Schneider  Electric  rack- 
to-row-to-room-to-building  approach  reduces  total  data  center  life 
cycle  cost  up  to  1 3  percent  and  30  percent  of  data  center  physical 
infrastructure  cost  over  10  years!  In  fact,  it’s  the  foundation  of  our 
Business-wise,  Future-driven™  data  centers. 

|Dl  SQUARE  0 

by  Schneider  Electric 


by  Schneider  Electric 


>  EcoBreeze  with  Two  Economizer  Modes 

Only  the  scalable  EcoBreeze  automatically 
switches  between  air-to-air  heat  exchange 
and  indirect  evaporative  cooling  to  maximize 
conditions  year-round. 

>  Data  Center  Facility  Power  Module 

Our  modular,  step-and-repeat  approach  to 
facility  power  lets  you  expand  capacity  in  500  kW 
increments  as  needed,  cutting  OpEx  by  up  to  35 
percent  and  CapEx  from  1 0  to  20  percent. 

>  StruxureWare  for  Data  Centers 

With  building-to-server  visibility,  StruxureWare 
for  Data  Centers  enables  you  to  make  informed 
decisions  about  your  physical  infrastructure. 

>  Reference  Designs 

Our  standardized  architectures  for  various  data 
center  configurations,  from  200  kW  to  20  MW, 
reduce  time,  cost,  complexity,  and  system  risk. 

>  Data  Center  Life  Cycle  Services 
Including  energy  management  services, 
professional  services  from  planning,  buiid/retrofit, 
and  operations  help  ensure  highest  system 
availability  and  efficiency. 


Business-wise,  Future-driven. 


Is  your  data  center  efficient?  Download  our  White 
Paper  Efficiency  Kit  and  register  to  win  an  Apple  TV®. 

Visit:  www.SEreply.com  Key  Code:  u702v  Call:  888-289-2722  x6476 
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CLEAR  MOBILE  DEVICE  MANAGEMENT 


malware  scanning  app. 

As  a  cloud-only  product 
and  in  its  first  iteration,  it’s 
a  little  raw,  but  has  pre¬ 
tensions  toward  eventual 
features  covered  by  SOTI, 
such  as  location-based  geo- 
locating  of  users,  and  certif¬ 
icate-based  phone  control. 

It’s  less  complicated,  but 
also  not  as  strongly  fea¬ 
tured  as  SOTI  and  Afaria. 

Like  other  packages  we 
tested,  there  are  two  sides 
to  the  installation:  first  an 
administrative  setup,  and 
second,  a  user-side  down¬ 
load  either  to  an  Android  or  iOS  device.  Today, 
there  isn’t  control  for  ActiveSync/ Microsoft 
devices  or  BlackBerry.  The  payload  deposited 
on  Windows  or  Android  mobile  devices  and 
the  payload  and  subsequent  mobile  device 
app  isn’t  configurable  or  “skinned”  with  cor¬ 
porate  logos,  surgically  applied  policy  con¬ 
trols,  etc.  Control  is  based  on  approved  apps, 
and  contained  Web  surfing. 

We  went  through  a  simple  customer  intake 
experience  (sign  up  on  the  Web),  and  in  a  few 
short  steps,  were  inside  the  SaaS-based  cloud 
UI.  We  liked  the  two-method  authentication 
process  for  administrative  portal  access.  We 
added  users,  which  could  be  done  manually 
or  from  an  imported  Active  Directory  list 
(instructions  included).  You  can  delete  Active 
Directory  users  who  don’t  have  phones. 

A  URL/QR  code  is  then  emailed  or  SMS- 
sent  to  desired  devices  that  takes  them  to 
Google  Play  or  an  Apple  App  Store  link, 
where  the  device-specific  application  that  will 
serve  as  a  phone  controller  is  located.  The  user 
clicks  on  that  link  and  is  sent  a  payload  that 
installs  on  the  phone.  The  Google  Play  link 
didn’t  require  a  Google  account  to  download 
in  our  tests.  After  installation  is  complete  on 
the  phone,  a  username  and  password  (sent  in 
the  SMS  or  email)  is  entered,  and  the  phone 
then  falls  into  Webroot’s  clutches. 

Webroot  supplies  users  with  a  restricted 
browser  setting.  The  setting  serves  as  an 
optional  URL  filtering  authority  that  lim¬ 
its,  through  blacklisting,  the  sites  that  the 
browser  can  surf  to.  Webroot  keeps  a  list  of 
sites  that  are  off  limits  and  will  prevent  users 
from  surfing  to  sites  on  their  list.  Although 
this  list  is  said  to  be  mature,  it’s  difficult  for 
us  to  test.  We  noted  that  it  doesn’t  blacklist  by 
content  type;  the  phrase  “NSFW”  is  meaning¬ 
less.  There’s  also  a  USB  Debugging  Shield  and 
‘Unknown  Sources”  shield  that  can  be  used  to 
filter  content  entering  the  phone  from  USB, 
Bluetooth  or  memory  card. 


SecureAnywhere  for  iOS 
requires  an  initial  adminis¬ 
trative  step  to  build  an  Apple 
Push  Notification  Certificate 
so  that  the  download  for  the 
site  can  exist  in  the  Apple 
App  Store.  One  gets  a  link 
(specific  to  the  organization), 
downloads  the  app,  and  the 
app  behaves  largely  like  the 
Android  version. 

The  mobile  device  pay- 
load/app  can  query  the 
phone  for  location  informa¬ 
tion,  then  gives  the  longi¬ 
tude/latitude  best-guess  to 
Google  Maps  on  the  Webroot 
administrative  console,  then,  like  SOTI,  shows 
the  ostensible  location  of  the  phone.  A  map 
with  a  pinpoint  means:  you’re  there.  A  wider- 
diameter  circle  on  the  map  means:  somewhere 
in  the  area  roughly  inside  the  circle.  The  phone 
has  to  have  some  type  of  geolocation  service 
turned  on,  or  at  least  provide  carrier-based 
information,  to  do  this.  Using  apps  like  Google 
Play  to  locate  a  user  takes  longer  than  having 
GPS  enabled  (which  is  a  minor  battery  waster). 

The  Lost  Device  Protection  includes  geolo¬ 
cation,  the  ability  to  make  the  device  Scream 
(where  did  I  leave  it?),  wipe  the  device,  lock, 
unlock  and  lock  with  message.  We  noticed 
a  few  delays  getting  messages  to  our  test 
phones,  while  others  were  nearly  instanta¬ 
neous.  It  might  have  been  the  carrier’s  fault, 
although  the  inconsistencies  were  odd  to  us. 

In  all,  the  SAB-MP  app  is  rudimentary  and 
easy  to  understand,  has  no  device  payloads  or 
model-specific  widgets,  and  is  poised  more 
toward  smaller  organizations.  The  docs  were 
primitive  but  explained  the  operations  at  the 
level  of  a  systems  operator.  Civilians  might 
have  problems,  but  support  and  community 
forums  are  available  at  the  Webroot  website. 

Webroot  did  not  identify  our  Android 
rootkit,  SuperUser,  as  malware.  A  Webroot 
spokesperson  says  that  the  company  identi¬ 
fies  malware  through  its  own  processes,  and 
‘benign  rootkits”  are  not  identified  as  mal¬ 
ware.  We  hope  Webroot  changes  its  policy,  as 
we  believe  there  is  no  such  thing  as  an  active 
‘benign”  rootkit.  Also,  Webroot  uses  its  own 
system  of  identification  of  malware  apps  to 
be  flagged.  Although  we  didn’t  seed  malware 
onto  our  phones,  we  could  not  test  this  claim. 

In  all,  Webroot  needs  a  bit  of  polish  to  get 
to  the  point  where  the  other  products  start, 
although  it  looks  promising. 

LanDesk  Mobility  Manager 

The  LanDesk  Management  Console  plat¬ 
form  is  based  on  Windows  Active  Directory 


Services,  Exchange  2007  or  2010,  and  the 
RIM  BlackBerry  Enterprise  Server,  if  you 
use  it  (we  don’t). 

The  LanDesk  Mobility  Manager  is  an  add¬ 
on  to  the  basic  (and  required)  LanDesk  Man¬ 
agement  Console.  It  can  be  used  without  the 
Active  Directory  services,  but  we  don’t  recom¬ 
mend  this,  as  the  ActiveSync  infrastructure 
and  Microsoft  Exchange  would  likely  be  a 
hassle  without  it.  Your  management  day  will 
be  bad  if  you  try. 

The  LanDesk  MDM  product  would  be  the 
third  server  in  your  Windows-based  network 
after  a  Windows  2003/8  (or  R2)  primary  “cat¬ 
alog”  server,  and  a  second  server  that  hosts 
the  Management  Console. 

Windows  server  licenses  can  be  minimal; 
they  just  need  to  be  in  the  same  forest  and  can 
be  virtual  machines.  If  VMs  or  discrete  bare- 
metal  servers  are  used,  they  need  a  minimum 
of  50  free  gigs  of  storage.  If  you  have  Microsoft 
Exchange  (check  your  version  as  there  are  dif¬ 
ferences  in  functionality  between  2007  and 
2010;  we  used  Exchange  2010),  it  can  under¬ 
stand  and  utilize  the  APIs  that  Exchange 
offers  to  control  devices. 

The  easy  part  is  initial  device  provision¬ 
ing.  Get  the  LanDesk  app  from  the  Apple 
App  Store,  or  from  Google  Play.  Install  it,  and 
authentication  to  the  server  is  next.  Also,  the 
Mobility  server  needs  to  be  on  your  DMZ  with 
a  world  (or  at  least  carrier-accessible)  FQDN 
or  IP  address.  This  is  similar  to  how  SOTI  and 
Webroot  work.  From  there,  it’s  possible  to  add 
a  device  app  that  allows  an  additional  portal 
access  (after  it’s  configured  in  the  Mobility 
Manager)  for  apps,  files,  etc.  that  can  be  down¬ 
loaded  to  the  device. 

Mobility  Manager  does  an  initial  check  of 
the  client  mobile  device  for  rootkits  and  jail- 
breaks  on  enrollment;  flags  can  be  set  to  allow 
enrollment  despite  the  presence  of  these  device 
states.  After  enrollment,  they  can  be  detected, 
we  found,  but  aren’t  necessarily  quarantined, 
although  their  state  is  noted  in  the  inventory 
reports.  There  are  no  restrictions  placed  on 
browsing.  Our  rooted/jailbroken  devices  were 
identified,  but  you  can  “grandfather  in”  devices 
whose  states  are  questionable.  However,  your 
devices  won’t  be  geolocated  because  location 
tracking  isn’t  offered. 

Active  Directory  policies,  in  terms  of  con¬ 
trol,  are  easily  applied.  You  can  lock  a  phone, 
change  its  PIN  and  wipe  the  phone  (and  can 
remove  the  wipe  command  if  you  get  the  tim¬ 
ing  right,  so  as  to  allow  a  user  time  to  find  it). 
We  could  also  send  VPN  and  email  settings, 
and  even  Wi-Fi  pre-shared  keys  to  the  devices 
we  controlled. 

If  Exchange  2010  is  installed,  polices  can 
be  enabled  to  prevent  user  access  to  mail,  if 
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Webroot  SecureAnywhere  Mobile  Protection 


•  Home  »  Security 

. . . 

Security 

No  problems  detected 

. . . . . . 

\  Antivirus 

j  Protect  your  phone  from  viruses 

.  r  . . 

i  Secure  Web  Browsing 

J  8<ock  websites  that  are  known  se 
U'j  threats 

:  - — - - - ---w 

Webroot’s  MDM  product  is 
somewhat  immature,  but  shows 
promise. 
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WINDOWS  SERVER  2012  |CEEPS  YOUR 
APPLICATIONS  UP  AND  RUNNING. 


Bring  the  availability  of  cloud  computing  inside  your  datacenter  with 
Windows  Server  2012,  the  only  server  built  from  the  cloud  up.  It  lets  you  set 
up  failover  systems  within  your  datacenter  or  at  a  remote  location.  So  your 
applications  are  available  when  and  where  you  need  them. 
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Network  World's  forum  on  Linkedln  is  the  place  for 
network  and  IT  professionals  to  offer  each  other  advice 
and  discuss  the  networking  news  of  the  day.  Network 
World  editors  are  on  hand  to  ensure  that  the  group 
remains  free  of  spam  and  vendor  spin,  and  to  give  their 
take  on  what's  important  in  networking.  Occasionally, 
they'll  poll  the  group  on  controversial  issues  and  you 
can  make  your  voice  heard. 

Ask  a  question.  Post  a  job  listing.  Connect  with 
peers.  Join  Today! 
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Cables 


Connectivity 


Warranty 


As  if  your  job  (and  life)  weren't  complicated  enough,  the  installer  you  hired  installs 
jacks  from  manufacturer  A,  cables  from  manufacturer  B,  patch  panels  from  C,  and 
patch  cords  from  D  for  your  data  center  cabling.  Then  when  something  goes  wrong, 
your  installer  says  it  is  manufacturer  A's  fault,  A  points  to  B,  B  blames  it  on  C,  and 
D  is  not  returning  your  calls.  If  this  sounds  familiar,  then  it's  time  to  specify  ICC. 


For  over  25  years  we  have  manufactured  End  to  End  Structured  Cabling  Solutions 
including  jacks,  patch  panels,  cables,  racks  and  patch  cords  that  are  tuned  together  to 
exceed  the  TIA  standard  by  as  much  as  8dB.  With  our  1 5  year  or  Lifetime  performance 
warranty  from  a  single  vendor,  no  finger  pointing,  and  the  best  pricing  in  the  industry, 
life  couldn't  be  simpler! 

If  you  want  to  keep  your  life  simple,  specify  ICC  End  to  End  Solutions  and  look  for  an 
ICC  Certified  Elite  Installer rM. 
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desired,  or  to  allow  only  users  managed  by 
the  app  to  get  email,  as  a  policy.  We  tried  this 
and  it  works.  If  organizational  mail  is  sensi¬ 
tive  or  shouldn’t  be  accessed  by  BYOD  devices, 
here’s  the  place  to  manage  the  device,  whilst 
gleefully  preventing  email-borne  problems 
associated  with  mobile  devices.  You  get  access, 
but  no  mail.  And  you,  over  there,  you  get  mail. 

The  device  polling  frequency  is  selectable, 
which  we  prefer,  and  we  increased  it  and 
found  that  the  reaction  time  in  the  devices 
improves  as  a  result.  In  this  setup,  there  are 
several  potential  points  of  failure,  which 
need  to  be  guarded  or  made  more  highly 
available,  as  the  path  to  the  Mobility  Man¬ 
ager  server  in  our  test  “DMZ”  is  critical  for 
interaction  between  the  Mobility  Manager 
and  its  managed  devices. 

While  we  like  the  LanDesk  configuration, 
we’d  feel  more  comfortable  if  devices  brought 
under  its  management  control 
received  a  sound  thrashing  at 
installation  for  rootkits  and  jail- 
broken  conditions.  Beyond  this, 
however,  for  an  organization  that 
wants  to  leverage  a  sound  Active 
Directory  infrastructure,  the 
free  Management  Infrastructure 
that  you  get  with  the  Mobility 
Control  is  a  decided  plus. 

SAPAfaria7 

When  we  looked  at  what  was 
then  Sybase  Afaria,  we  found  a 
comprehensive  package  whose 
approach  had  Frankenstein- 
like  integration.  Since  that  time, 

Sybase  and  Afaria  have  been 
acquired  by  SAP,  and  their 
approach  to  MDM  is  now  inte¬ 
grated  into  a  single  Web-UI 
portal  that,  in  turn,  controls 
modular  servers  that  perform  various  ele¬ 
ments  of  device  management  and  control. 

Its  UI  is  non-obvious,  but  with  a  short  bit 
of  reading  through  the  docs  and  getting  light 
assistance,  we  found  it  to  be  both  under¬ 
standable  and  packed  with  workflows  poised 
toward  BYOD  and  mischief  control. 

The  entire  Afaria  7  package  can  be  cloud 
based  (we  tried  ours  in  Amazon  Web  Services) 
or  as  members  —  probably  virtual  machines 
—  in  an  enterprise  network  framework.  Each 
portal  can  be  connected  to  an  organization’s 
Windows  Active  Directory,  but  only  in  the  flat 
model  —  one  domain  per  instance  of  Afaria 
7  —  although  a  spokesperson  said  multiple 
domains/forest  can  be  dealt  with  by  perhaps 
the  end  of  2012. 

The  improvements  are  major,  but  some 
assembly  is  required.  The  assembly  comes 


at  the  crux  of  a  current  marketing  program 
where  a  two-week  trial  of  Afaria  on  AWS  is 
offered,  with  optional  third-party  help  (you 
get  presales  dedicated  engineering  help)  to 
configure  the  right  initial  platform.  It’s  a  com¬ 
plicated  decision  tree,  and  you’ll  probably 
need  the  help.  With  the  trial,  Afaria  preloads 
the  configuration  and,  in  turn,  starts  allowing 
clients  to  go  down  a  decision  tree  of  configu¬ 
ration  options  appropriate  to  their  workflow 
and  policy  mandates. 

The  “single  pane  of  glass”  in  Afaria  7  over¬ 
comes  the  several  pains  of  glass  that  were  dem¬ 
onstrated  in  our  last  view  of  Afaria  6,  which 
was  comprehensive,  but  mind-boggling  to 
manage.  In  the  current  cloud  model,  Afaria 
still  uses  modular  components,  but  processes 
are  now  linked  together  logically.  As  an  exam¬ 
ple,  we  can  set  up  a  device  with  a  specific  group 
and  policy  in  about  five  mouse  clicks. 


There  can  also  be  “master”  or  distributed 
servers  that  cover  different  business  units 
or  logical/geographical  areas,  subject  to  the 
Active  Directory  limitation  mentioned.  Or 
you  can  go  without  Active  Directory  at  all, 
if  desired  —  meaning  users  and  authentica¬ 
tion  becomes  more  manual  in  administra¬ 
tive  nature. 

The  tasks  are  similar  to  other  MDM  pack¬ 
ages:  build  groups,  set  policies,  get  users  to 
sign  on  and  control  the  device,  whether  iOS, 
Android  or  Windows  Mobile  (to  v7).  Afaria 
can  provision  a  device  via  Active  Directory 
membership,  an  organization’s  Certificate 
Authority,  via  MS-CHAP  v2,  or  by  allowing 
a  user  to  download  a  payload  through  one  of 
several  resources  appropriate  to  the  device. 

Software  application  payloads  aren’t  ini¬ 
tially  included,  but  are  sent  subsequently. 


One  can  develop  an  “enterprise  application 
store”  if  desired;  in  the  SAP  model.  SAP’s 
applications  are  vetted  for  behavior,  but  your 
applications  are  on  your  own  —  yet  easily 
populated  into  an  enterprise  store  for  subse¬ 
quent  download  by  subscribed  users. 

Afaria  does  the  initial  two-week  customer 
trial  configuration  of  host  services  in  the 
AWS  cloud,  although  manual  instructions 
to  provision  into  AWS  are  included  for  those 
who  must  do  this  themselves  (generally,  for 
security  reasons).  In  a  non-preloaded  cloud, 
enterprise  installation,  the  turf  is  a  Windows 
Server  instance  using  Microsoft  SQL  Server 
or  Sybase  iAnywhere. 

We  could  put  users  into  groups  of  three 
kinds-.  Static,  Dynamic,  or  Individual.  Group 
memberships  have  policies  applied,  and  if 
there  are  two,  policies  of  both  groups  that 
a  device  is  a  member  of.  We  suggest  use  of 
Dynamic  Groups,  as  they  also  allow 
the  ability  to  move  users  whose 
devices  are  compromised  (rootkit, 
jailbreak,  appearance  of  a  hostile 
application)  into  those  groups  for 
easy  monitoring  and  mitigation. 

We  used  the  included  (pre¬ 
configured)  Self  Service  Portal 
to  obtain  our  test  device’s  initial 
Afaria  client  payloads.  We  chose 
not  to  have  a  device  that’s  com¬ 
promised  to  have  allowed  access, 
so  that  once  enrolled,  the  device 
could  receive  a  remediation  mes¬ 
sage.  Otherwise,  if  access  is  denied, 
a  user  only  receives  a  message  that 
the  device  is  compromised  and  the 
software  won’t  install.  The  pay- 
load  can  be  re-initialized  in  this 
case,  after  a  rootkit  or  other  offend¬ 
ing  condition  is  removed. 

Afaria  immediately  found  our 
SuperUser  rootkit  and  classified  the  device  in 
the  way  we  desired. 

Afaria  polls  groups  by  default,  once  a  day, 
but  we  found  ourselves  upping  the  polling 
rate  to  detect  changes,  as  we  feel  other  orga¬ 
nizations  will. 

Afaria  lacks  some  competitive  components, 
like  location-based  user  device  tracking.  Indi¬ 
vidual  devices  can  be  shut  down,  but  locating 
them  isn’t  offered.  Packaging  can  be  skinned 
with  organizational  logos,  for  customizing. 
What  we  found  objectionable  in  our  last 
review,  a  sense  of  grafting  and  disjointed 
applications,  has  changed  dramatically  and 
for  the  better.  ■ 

Henderson  is  principal  researcher  for 
ExtremeLabs,  of  Bloomington,  Ind.  He  can  be 
reached  at  kitchen-sink@extremelabs.com. 


SAP  Afaria  7  is  a  vast  improvement  over  Version  6. 
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What  do  100%  of  mobile  users  want?  No  fails! 


THE  RUSH  to  make  everything  mobile  has 
generated  new  ways  to  do  business,  new 
ways  to  organize  ourselves  and  new  ways 
to  communicate,  but  mobile  apps  aren’t  your  father’s  mainframe,  desk¬ 
top  or  laptop  applications. 

Nope,  mobile  apps  exist  in  a  world  where  not  only  is  the  underlying 
network  transport  anything  from  great  to  nonexistent  (which  leads 
to  all  sorts  of  complexities),  but  also  the  polish  and  brio  of  leading 
mobile  apps  has  created  user  expectations  that,  if  I  were  to  hazard  a 
guess,  are  an  order  or  two  of  magnitude  greater  than  enterprises  are 
used  to  delivering! 

The  issue  of  vastly  greater  mobile  app  user  expectations  is,  I’d  sug¬ 
gest,  pretty  much  all  Apple’s  fault.  If  only  Steve  Jobs  hadn’t  been  so 
obsessive  about  design  values  and  perfect  execution,  all  of  the  mobile 
app  development  shops  would  have  a  much  easier  time  of  it.  But  no, 
Apple  D.J.  (During  Jobs)  produced  the  iPhone,  the  iPad  and  iOS,  and 
along  with  those  platforms  the  idea  that  apps  should  be  slick,  polished, 
responsive  and  beautiful  became  the  norm. 

If  you  doubt  that  users  feel  that  way,  consider  a  recent  survey:  The 
2012  Mobile  App  Review  (tinyurl.com/d9elklb)  by  Apigee,  a  company 
that  provides  API-based  services  to  support  mobile  apps.  This  survey 
(conducted  online  in  October)  of  more  than  500  U.S.  mobile  app  users 
aged  18  and  older,  revealed  some  interesting  stats. 

First  of  all,  44%  of  those  surveyed  said  that  poor  performance  would 
make  them  delete  an  app  immediately!  Moreover,  18%  of  them  admit¬ 
ted  they  would  delete  a  mobile  app  if  it  froze  for  just  five  seconds. 

Just  think  of  that.  Five  seconds  at  best,  immediately  at  worst! 


What’s  interesting  about  this  low  tolerance  is  the  app  could  be  try¬ 
ing  to  retrieve  data  from  a  slow  remote  server  over  a  slow  network, 
but  if  the  app  appears  to  be  non-responsive,  users  will  more-or-less 
immediately  rate  it  to  be  a  fail.  Apps  need  to  be  built  to  deal  with  users 
whose  patience  has  shrunk  from  minutes  in  the  1990s  to  seconds  in  the 
‘aughts,  and  now  to  milliseconds  here  in  the  ‘teens. 

The  survey  showed  that  freezes  (76%),  crashes  (71%)  and  slow 
responsiveness  (59%)  were  major  deal-breakers,  as  was  heavy  battery 
use  (55%). 

The  survey  also  found  that  how  the  app  publisher  responds  will 
make  a  big  difference  in  how  users  feel  about  a  problematic  app. 
Almost  90%  said  the  No.  1  thing  that  will  make  them  feel  better  about 
a  failing  app  is  if  the  publisher  fixes  the  problem  quickly,  with  46% 
wanting  personal  responses  and  21%  wanting  a  public  apology  (it’s 
worth  noting  that  failing  to  apologize  appears  to  get  100%  of  Apple 
execs  fired  —  see  tinyurl.com/aqxj895). 

So,  when  you  plan  to  release  your  next  mobile  app  for  your  enter¬ 
prise,  whether  it’s  developed  in-house,  bespoke  developed,  or  a  com¬ 
mercial  product,  think  very  carefully  about  how  the  app  looks,  feels, 
communicates,  how  it  might  fail,  and  how  you’ll  handle  problems  if 
anything  goes  wrong. 

One  hundred  percent  of  users  will  “like”  you  for  making  the  right 
decisions.  ■ 

Gibbs  is  up  on  stats  in  Ventura,  Calif.  Your  percentage  satisfaction 
to  backspin@gibbs.com  and  follow  him  on  Twitter  and  App.net  (@ 
quistuipater)  and  on  Facebook  (quistuipater). 
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A  disappearing  vendor . . .  and  an  outed  troll 


THIN-CLIENT  MAKER  Pano Logic, headed 
by  former  Wyse  CEO  John  Kish,  has  gone 
out  of  business ...  without  so  much  as  a  pub¬ 
lic  word  to  the  customers  it  has  left  high  and  dry. 

In  fact,  the  closure  was  so  abrupt  and  stealthy  that  last  week  on 
Buzzblog  I  felt  obligated  to  couch  my  post  with  the  phrase  “apparently 
has  gone  out  of  business,”  although  the  circumstantial  evidence  was 
probably  enough  to  forgo  that  formality. 

The  company’s  previously  active  Twitter  account  had  issued  its  last 
tweet  Oct.  22. 

The  same  went  for  Pano  Logic’s  Facebook  page,  where  anxious  cus¬ 
tomers  were  leaving  messages  like:  “Why  has  the  management  and 
investor  sections  of  your  website  been  removed?”  And:  “What  is  your 
post-bankruptcy  plan  for  support  and  parts?” 

The  latter  question  was  posed  by  Sean  Kubin,  a  senior  associate  at 
Network  Data  Services  in  North  Little  Rock,  Ark.  He  told  me  that  he 
posted  that  message  after  he  and  his  co-workers  went  to  extraordinary 
lengths  to  contact  the  company  by  phone  and  email. 

“We  couldn’t  get  anyone  to  pick  up  the  phone  or  return  our  messages,” 
Kubin  says.  “Finally,  some  [Pano  Logic]  VP  picks  up  the  phone  —  he 
just  happened  to  be  there  cleaning  out  his  desk  —  and  he  says  that  out 
of  the  blue  everyone  was  told  they  were  gone.” 

Desperate  for  more  information,  Kubin  said  Network  Data  Services 
pressed  its  contacts  at  technology  wholesaler  Ingram  Micro  to  see 
what  they  knew.  “A  couple  of  days  later  they  got  back  to  us  and  said  we 
had  a  scoop;  that  [the  closing]  had  something  to  do  with  a  cease  and 
desist  order  that  [Pano  Logic]  couldn’t  fight,”  Kubin  says. 


Who  knows  whether  there’s  any  validity  to  the  cease  and  desist 
thing?  Guessing  is  one  thing  that  happens  in  cases  like  this. 

Pano  Logic  was  founded  in  2006,  raised  more  than  $35  million  in 
venture  capital  and  employed  some  50  or  more  people. 

Then  went  poof!  You’d  think  someone  would  feel  a  responsibility  to 
explain.  So  far,  at  least,  you’d  be  wrong. 

Why  the  hurricane  Twitter  troll  shouldn’t  be  prosecuted 

Last  week  a  New  York  official  was  urging  the  district  attorney  to  con¬ 
sider  bringing  charges  against  one  Shashank  Tripathi,  who  goes  by  the 
obnoxious  name  @comfortablysmug  on  Twitter  and  used  that  account 
to  spread  alarmist  lies  during  Hurricane  Sandy.  Charging  Tripathi 
would  be  a  bad  idea,  in  my  opinion,  not  to  mention  unnecessary. 

While  irresponsible  and  just  plain  rotten,  it  doesn’t  appear  that  what 
this  fool  did  rises  to  a  level  calling  for  criminal  prosecution.  After  all, 
if  we’re  going  to  bring  the  force  of  law  to  bear  on  those  who  use  the 
Internet  to  spread  falsehoods,  we  might  find  ourselves  atop  the  slip¬ 
periest  of  slippery  slopes ...  and  almost  certainly  the  most  crowded  one. 

Tripathi,  who  did  apologize,  was  forced  to  resign  his  position  as  a 
political  consultant.  If  he  gets  to  keep  his  day  job  on  Wall  Street  he  will 
be  lucky;  if  not,  he  will  receive  little  sympathy. 

But  most  of  all,  the  same  Internet  that  this  guy  so  blithely  abused 
during  a  time  of  crisis  will  make  sure  that  what  he  did  is  not  soon  for¬ 
gotten  ...Just  Google  his  name. 

All  the  legal  system  could  do  is  fine  him  a  few  dollars.  ■ 

Want  to  dish  about  Pano  Logic?  The  address  is  buzz@nww.com. 
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